JANUARY 31, 2020 – Tax season presents increased opportunities for malicious cyber actors to conduct tax-themed cyber operations for financial gain, identity theft, and the theft of sensitive information. Tax-related scams are particularly common during the tax season and are often carried out through email, text messages, social media messages, and phone calls.
In many cases, malicious actors impersonate the IRS or tax services and send realistic emails to victims in mass quantities. The emails can also be tailored to specific victims to increase the appearance of legitimacy, and they often appear to be refund updates, notifications of account status or eligibility, or requests for sensitive personal, account, and/or financial information.
The most common tax scams in 2018 and 2019 included phishing, vishing, identity theft, and the use of fake charities:
Phishing: Businesses and individuals receive fake emails, text messages, and social media messages, in which a malicious actor requests sensitive information from the victim or attempts to deliver a malicious link that appears as a legitimate website to the IRS or a popular tax service. If successful, phishing scams directed at taxpayers can allow cybercriminals access to the targeted device, its functions, and files.
Vishing: Phone scams in which malicious actors threaten victims into providing personal and financial information or transferring funds to an account controlled by the actors. Actors commonly threaten victims with arrest, revocation of their driver’s license, or other false criminal offenses unless they make immediate payment.
Identity Theft: Identify theft is common during the tax season, and can occur after a malicious actor has accessed a victim’s Social Security number or Individual Taxpayer Identification Number. Once this information has been compromised, cybercriminals can use these numbers to file a fraudulent tax return and claim any anticipated tax refunds.
Fake Charities: Scammers commonly impersonate charities during tax season by using false organization names that are similar to legitimate charities or organizations. Many of these false charities take advantage of taxpayers by requesting part of their tax refund as a donation. Using this method, malicious actors either request a transfer of funds or sensitive financial information from the victim.
While increased tax-themed messages and notifications are routine this time of year, it can be difficult to distinguish the difference between fake and legitimate messages. Tax-themed phishing campaigns and malicious cyber operations are continuous and will only become more sophisticated in time, so it is important to be aware and vigilant.
Always verify the sender prior to following a link or opening an attachment, manually type the URL to official websites rather than clicking a link provided via email or text message, and refrain from sending personal or sensitive information via unsecure methods such as email, text, or social media. Protect your sensitive information at all times and file taxes early to prevent actors from filing a false tax return.
To learn more about tax scams, visit https://www.irs.gov/newsroom/tax-scams-consumer-alerts. If you suspect you have been targeted or are the victim of tax-related fraud, you may submit to NCIS via the NCIS Tips app or at www.ncis.navy.mil .
From Naval Criminal Investigative Service Public Affairs