50 Shades of Tax Season Scams

by News Editor on March 1st, 2013 in Industry and Security News.

We may think tax season is a burden. On the other hand, it is actually the prime hunting season for cyber criminals to ply their trade. They are constantly trying to steal implementing phishing scams and fraudulent emails that are often directed to taxpayers and request for personal information, such as a social insurance, credit card, bank account and passport numbers claiming the taxpayer can receive a refund or benefit payment....

According to a 2012 study by Javelin Strategy and Research, there has been a 13 percent increase in identity theft incidents through 2011. One reason cited in the study, the first time Javelin examined mobile social behaviors, is the widespread use of social media. The Javelin study found that more than two-thirds of all social media users publicly display their birthdays.

A key to maintaining secure social media presence is keeping answers to security questions private, experts say. When users lose the password to their email accounts or even online bank accounts, they’ll be asked personal questions: What’s your mother’s maiden name? What was your high school mascot?

According to Karen Carlson, director of education and creative solutions at InCharge Debt Solutions in Orlando, FL, suggests that the remedy is simply keeping track of financial information. Personal documents should be safely stored, never carried around unless absolutely necessary.

The Examiner has suggested the two most common methods that malicious users take advantage of are tricking people into visiting fake websites or opening malware infected attachments:

1.    Fake Websites
This is the most commonly utilized method for tax season scams. For example, an email appearing to be from the IRS, is received by the user. The email contains a link to a fake IRS website. The links often appear authentic and connect the victim to sites that resemble the genuine IRS website. These imposter sites are set up to collect personal and/or financial information entered into an online form. These fake websites often ask for information such as SSN, bank routing and account numbers, credit card numbers, and online banking passwords or PINs.

2.    Malware Infected Attachments (often disguised as tax forms):
In this method, forms are sent as attachments within an email. Users are then tricked into opening the attachments or forms, thinking that the forms must be completed as part of their tax filing. In these instances, scammers are attempting to infect computers with malicious software that would give them hidden access to the infected computer or silently record everything that is typed on the keyboard. This would then allow malicious users to silently steal information.

These are some common tax scams that the IRS (Internal Revenue Agency) has reported recently:

1.    Refund Scam
This is the most common scam. In this scam, a bogus email tells the recipient that they are eligible for a federal tax refund. In order to claim the refund, the user must open an attached form, or click on a link contained in the email to access and complete the form. The IRS does not notify taxpayers of refunds via email, nor do taxpayers have to complete a special form or provide detailed financial information to obtain a refund. Refunds are based on information contained on the federal income tax return filed by the taxpayer.

2.    Inherited Funds, Lottery Winnings, Cash Consignment
In this scam, recipients receive an email claiming to come from the U.S. Department of the Treasury. The email notifies them that they will receive millions of dollars in recovered funds or lottery winnings or cash consignment if they provide certain personal information, including phone numbers, via return email.

3.    Member Satisfaction Survey
In this scam, recipients receive an email purporting to come from the IRS advising taxpayers that they can receive a sum of money by filling out an online customer satisfaction survey. In order to obtain the money, the victim must provide their banking information.

4.    Scare Tactics
Several scams exist to scare people into opening infected attachments or clicking on malicious links. One example includes a "Tax Avoidance Investigation" email claiming to come from the IRS Fraud Department and asking the user to complete an investigation form. Another example includes an email appearing to come from the IRS notifying a taxpayer that their tax return will be audited. The email instructs the recipient to click on links to complete forms online or to open attachments within the email.