Tax season is very profitable for hackers who can steal both your refund and your personal data.
Tax scams are plentiful right now as consumers are filing their returns and extensions before the April 18 deadline.
Taxpayers who are eager to receive tax refunds are also vulnerable and could fall prey to the multitude of scams created by fraudsters. Cyber criminals will also pretend to help consumers by offering fake tax assistance or loans and making robocalls. On the flip side, they also issue false penalty notices to scare consumers.
Why Hackers Favor Smartphones
While your inbox is likely flooded with tax scams, the most effective ones are on mobile devices since attackers are aware this is a weak point for consumers, Hank Schless, senior manager, Security Solutions at Lookout, a San Francisco, Calif.-based endpoint-to-cloud security company, told TheStreet.
Cyber criminals are also creating phishing campaigns to take advantage of the mobile interface that makes it hard to spot a malicious message, he said.
“Any text, email, WhatsApp message or communication that creates a time-sensitive situation should be a red flag,” Schless said. “Everyone should approach these messages with extreme caution or go straight to their IT and security teams to validate it.”
Tax Returns Are a Gold Mine
Tax returns contain an abundance of personal identifiable information such as social security numbers, address, dependents information, property address and bank account information, making it a valuable target that results in monetary gain, Atif Mushtaq, chief product officer at SlashNext, a Pleasanton, Calif.-based anti-phishing company, told TheStreet.
Hackers will sell the data on the Dark Web or use it in future social engineering attacks that could lead to account takeovers and ransomware.
Enterprising cyber criminals will file fraudulent returns for tax refunds to yield millions of dollars by filing fraudulent tax returns every year and some are businesses run by organized cybercriminals, he said.
The Department of Justice said these criminal organizations are “able to exploit the speed and relative anonymity of highly automated systems for storing personal information, preparing and filing tax returns electronically, and generating income tax refunds quickly—often in the form of electronic payments.”
Millions of tax returns are filed each year with stolen identities. The IRS said as of Sept. 30, 2020, the tax agency identified 6.2 million tax returns with refunds totaling approximately $27.6 billion for additional review as a result of identity theft and fraud.
Tax identity theft usually occurs when the hacker either gets access to previous tax filings by hacking you, the accounting firm or the tax software tool or has been able to find enough of your personal information in the Dark Web in order to fill out the forms directly, Jason Glassberg, co-founder of Casaba Security, a Redmond, Washington-based cybersecurity company that specializes in ethical hacking and security program development, told TheStreet.
Fake W-2 Requests, Extortion
“Tax refund fraud is easy money for criminals,” he said. “It is remarkably easy for criminals to pull off because there is already so much personal information available for purchase on the Dark Web. After so many years of major corporate data breaches, nearly every person in the country has at least some sensitive personal information exposed in a data dump somewhere.”
Hackers also frequently take advantage of the tax season to phish employers with fake W-2 requests to harvest as many employee tax refunds as possible, Glassberg said.
“The hacker will either gain access to an employee email account or simply spoof the email address when phishing the company’s HR team or CFO office.”
Tax lien scams are common and people fall prey to them because the fraudster claims money is owed to the IRS. There is often the threat of arrest or more fines unless you pay immediately, Chris Pierson, CEO of BlackCloak, an Orlando, Florida-based cybersecurity company specializing in protection for high net worth individuals, including Fortune 500 CEOs, told TheStreet.
“The scammers will accept wire transfers for this, but more often they are asking for payment in gift cards as the money is immediately accessible, moved and nothing can be done to get your funds back,” he said.
Another type of fraud is extortion of a person’s tax record.
“For the wealthy, this is when the hacker is able to intercept your tax records and then threatens to release the information publicly unless they are paid off,” Pierson said. “There are many legitimate reasons why high net worth individuals, investors and companies would not want this type of information made public, so it can be an effective scam for a hacker.”