What Phishing Scams Should Taxpayers Avoid This Quarter

Participants of the Security Summit such as the Internal Revenue Service along with other state tax agencies and the tax industry have cautioned tax professionals and businesses about a newly discovered scam.

The scam they were talking about is similar to other phishing strategies done by scammers. It involves an email sent to unknowing victims made to impersonate a legitimate tax software provider. The victim is led to enter vital information such as usernames and passwords to important sites.

The timing of this new phishing scam is not as random as it seems. Scammers coincided the release of these emails with the busy tax season as tax professionals are rushing to beat the the September 15 and October 15 tax extension filing deadlines. This season is also when most tax software providers offer most of their system upgrades.

What are Phishing Emails?

Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.

-Microsoft Safety And Security Center

As explained on Microsoft’s website, phishing emails are meant to steal someone’s personal information for the purpose of taking money. However, during recent years, the uses of phishing emails have spread to stealing company secrets, blackmailing, or even corporate sabotage.

Phishing emails are no new threat to the corporate world. Scammers had used them as far back as 1995 when American Online (AOL) was still then the largest internet provider. Phishers, people who conduct phishing schemes, then used the email services of AOL to steal user passwords and then used a random credit card number generator to find the account that matches with that password.

The successful matches they made back then were relatively few; however, they were significant enough to cause a lot of people to lose significant amounts of money. Fast forward a few years later, phishers are now targeting not only individuals but even banks and financial institutions.

How Do These Phishing Email Work?

Some common words and phrases that can be seen in these phishing emails include “Software Support Update,” “Important Software System Upgrade,” or the likes. The message of the email would often copy the template of legitimate emails that come from actual software providers.

The email would then proceed to inform or warn the recipient, usually, a tax preparer, that they need revalidate or update their login credentials due to recent changes in the tax software that they are using.

The recipient will then be told by the phishing email to click a button which will redirect them to a website that looks almost exactly the same as the actual website of the real software provider. They will then have to insert their login credentials either to “Update the Account” or “Download Software Updates.”

However, instead of an update, two other things may happen to the unfortunate victim. The website could either take the person’s login credentials for the scammers to access their actual accounts to steal information or the site could install a virus on the victim’s computer which would grant full access to the scammers on the victim’s important files.

Similar types of phishing scams were reported just this June. However, instead of posing as an update for tax software updates, the emails pretended to offer free tax software seminars or education. The scam, on the other hand, primarily aimed to steal identities instead of money.

This would enable the phisher to file fraudulent tax returns under the name of the victim. What gave away this previous scam was that it asked for too much sensitive information from the target.

What To Do According To The Internal Revenue Service

The Internal Revenue Service reminded tax professionals that legitimate businesses and organizations would never ask for sensitive information like usernames, passwords or sensitive data through email. Also, they warned tax professionals to avoid sending such sensitive information to unknown people or through email.

The Internal Revenue Service has a particular email for phishing concerns. If ever you receive or fall victim to any questionable emails that you feel like is a scam, do not hesitate to email them through [email protected].