Tax-related scams escalate as filing deadline approaches

As the April 15, 2024 tax filing deadline approaches in the US, some old and some new tax-related scams are targeting both taxpayers and tax professionals.

tax scams

Tax-related scams targeting taxpayers

With taxpayers rushing to file their personal federal income tax return, scammers are taking advantage of the commotion to trick people into sending them money or hand out sensitive private information.

The Internal Revenue Service (IRS) is warning taxpayers about common IRS impersonation scams, but also new ones.

“[A] new scheme involves a mailing coming in a cardboard envelope from a delivery service. The enclosed letter includes the IRS masthead with contact information and a phone number that do not belong to the IRS and wording that the notice is ‘in relation to your unclaimed refund’,” the agency noted.

Another scam involves phone calls: scammers, pretending to be IRS agents, call the victims and try to convince them that they owe money. They often target recent immigrants, sometimes contacting them in their native language, and threaten them with arrest, deportation, or license suspension if they don’t pay. (If you owe taxes, the IRS will email you a bill first.)

Some additional tax-related scams the IRS is warning about:

  • Tax identity theft – Scammers use a person’s identity number to file a tax return or unemployment compensation and claim refunds
  • Phishing scams – Scammers send convincing emails posing as the IRS to make victims disclose personal and financial information
  • Unethical tax return preparers (aka “ghost” tax preparers) – Individuals that pose as tax prepaprers but don’t actually file tax returns on behalf of the tax payer despite getting paid for the service. Or, if they do, they direct refunds into their own bank account rather than the taxpayer’s account.

Sometimes scammers also try to take advantage of people searching for tax filing assistance online.

“People will often go on Google to search for a phone or contact number for a business they are trying to get in touch with. Scammers are very well aware of this and will purchase ads to appear at the top of the search results,” Malwarebytes researcher Jérôme Segura recently warned.

For example, when searching for “IRS support”, an ad posing for a fake “IRS Support Line” website may appear.

“A testimonial mentioning the aforementioned website seen in the ad claims that it existed back in 2016 while whois records show the domain name was only created in 2023. To add insult to injury, the same testimonial was also used to promote a different domain,” he noted about this particular scam.

The same ad technique can be used to push crecked tax-filing software, which can be packed with malware that may allow cybercriminals to access users’ devices, steal sensitive information, encrypt files to demand ransom, or turn the device into a bot.

Tax professionals are also targeted

The IRS has warned tax professionals about a “new client” scam where cybercriminals pose as potential clients via email, seemingly seeking assistance with tax preparation.

“This phishing email has a malicious link or attachment that the scammer claims is their tax information. When the tax professional clicks the link or opens the attachment, the scammer gets access to the preparer’s email address, password and possibly other information,” the IRS noted.

“Some scammers may also load malware onto the tax pro’s computer to gain access to their system – and their clients’ data. Scammers may also use that tax professional’s hacked email account to target clients.”

Another scam involves attackers contacting tax professionals via email, with the intention to steal Electronic Filing Identification Numbers (EFINs).

“Scammers are posing as tax software providers and requesting EFIN documents from tax professionals under the guise of a required verification to transmit tax returns. These thieves attempt to steal client data and tax preparers’ identities, creating the potential for them to file fraudulent tax returns for refunds,” the agency explained.

How to protect yourself?

To protect themselves from tax-related scams, taxpayers are advised to:

  • Request an Identity Protection PIN before filing the tax return
  • Make sure to access the legitimate IRS website
  • Share personal information only though encrypted channels
  • Only use legitimate tax software and tax preparation services
  • Create strong passwords
  • Enable multi-factor authentication (MFA)
  • Promptly report tax-related schemes, scams, identity theft and fraud

The IRS stresses that they will never ask for personal/financial information or Identity Protection PINs through email, text or social media, and will never threaten with lawsuits or arrests.

Tax professionals should be extra careful when receiving emails from new clients. They need to meticulously inspect the content of the emails they receive (look out for spelling errors, weird requests and phrasing, etc.) as well as the email header. They are also urged to report suspicious emails and never follow through with any actions requested in such emails.

Scammers are constantly adapting

“Many countries across the world all have tax filing deadlines around the same time — Japan’s is just around the corner on March 15, in the US it’s April 15, and several countries (Brazil, Canada, Chile, etc.) all share an April 30 filing deadline. So, adversaries all over the globe are going to be leveraging tax-related topics in their spam emails and social engineering campaigns in the coming weeks, trying to steal money, infect devices with malware, or steal critical personal information,” notes Jonathan Munshaw, content manager at Cisco Talos Intelligence Group.

But this doesn’t inherently mean that there’s an overall increase in scams during this time of year. Rather, scams tend to concentrate on this specific topic.

“Talos’ telemetry indicates that spam hasn’t increased during tax filing season in the US for many years, and attackers’ tactics largely stay the same: Try to create a convincing offer, document, or link, and try to convince the target to engage with that social engineering in some form,” he explains.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss