As the U.S. tax filing season for 2017 approaches, we are seeing an expected rise in phishing attempts, largely trying to steal sensitive information like SSNs, IDs, bank accounts etc. This problem is only expected to grow as the tax filing deadline of April 18 gets closer. The Internal Revenue Service (IRS) recently issued an advisory for tax professionals and tax payers to be wary of emails and links when the source is unknown or looks suspicious. It is also interesting to see how scammers evolve quickly with new tricks every tax season. For example, the tweet below from IRS refers to a scam where bad guys send emails to tax professionals claiming that the direct deposit information for tax recipient has changed last minute, in an obvious attempt to redirect funds to scammers’ accounts.
On the web side, we have observed several variants of phishing websites that infringe on the IRS logo and other artifacts to trick users into entering sensitive personal information. Couple of examples below:
Phishing remains part of what IRS calls the “Dirty Dozen” list of tax scams in 2017. IRS also reported an increase in phishing and malware scams by 400 percent in 2016 and the trend doesn’t seem to be slowing down this year. Our advise for taxpayers and tax professionals is to be aware of IRS’s alerts on latest tax scams and in general form a habit of verifying sources of suspicious looking emails and links. Remember that IRS never asks for sensitive information from users via email and if you think you received a phishing email, please forward them to firstname.lastname@example.org.