IRS warns of 400 percent surge in tax-related phishing emails

The number of tax related phishing and malware incidents has exploded this US tax season, the US Internal Revenue Service (IRS) has warned on Thursday. All in all, there has been an increase of nearly 400 percent.

“There were 1,026 incidents reported in January, up from 254 from a year earlier,” they shared. “This year’s 1,389 incidents have already topped the 2014 yearly total of 1,361, and they are halfway to matching the 2015 total of 2,748.”

This year’s tax filing season opened on January 14 and ends on April 18, and according to IRS Commissioner John Koskinen, this dramatic jump in these scams comes at its busiest time.

The most noticeable increase was that of emails and messages impersonating the IRS or other persons and entities in the tax industry (e.g. tax software companies, accountants, etc.).

IRS phone scams are still going strong, but scammers have obviously realized that they can reach more potential victims in a shorter period of time via emails and text messages.

“The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information,” the IRS warns. Phishing sites can also carry information-stealing malware.

At the beginning of the tax season, the IRS has announced that stronger protections for taxpayers and the nation’s tax system have been implemented for the 2016 tax filing season.

“The new measures attack tax-related identity theft from multiple sides. Many changes will be invisible to taxpayers but help the IRS, states and the tax industry provide new protections,” they explained. “There will be new security requirements when you’re preparing your taxes online, especially when you sign in to your tax software account, to better protect your tax software account and personal information.”

But taxpayers are also expected to inform themselves about the tax-related malicious schemes most often employed by scammers.

“It is important to keep in mind the IRS generally does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels,” the IRS pointed out.

The IRS itself is not immune to blunders and vulnerabilities that leave it (and taxpayers) open to data theft.

In May 2015, they temporarily shut down their Get Transcript web application because cybercriminals were able to take advantage of it to steal tax forms full of personal information of more than 100,000 taxpayer.

And only last week they admitted that their Electronic Filing PIN application has been exploited by unknown individuals to extract 5-digit PIN codes of some 101,000 taxpayer. These codes can be used to file fraudulent tax returns.




Share this