IRS fakers using malware to steal financial information from Americans

There doesn't seem to be a day that goes by where I don't receive a call from an obvious foreigner claiming to be an Internal Revenue Service (IRS) agent.  Using predictive dialer software, these overseas phonies are able to create the illusion that they are calling from a U.S.-based number, usually from Washington, D.C.'s 202 area code, seemingly legitimizing their attempts to obtain the unsuspecting victim's credit card information.

But what happens when this IRS scheme evolves in the internet age?  The bad actors of the so-called dark web turn to mass email attacks, of course.

A recently issued warning from the IRS informs taxpayers about an insidious and elaborate new scheme that uses malware and reaches victims via one of the most widely used forms of communication today: email.

The email is said to feature in the subject line "electronic tax return reminder," "Automatic Income Tax Reminder," or some variation of that terminology.  The goal of the hackers is to have the victims open an email, designed to look like a legitimate communication from the IRS.  The email then sends the recipient to a website that looks incredibly similar to an IRS site where the victim then sees information that is supposedly linked to any tax refund due, tax liability, or overall account information with the "taxman."

The actual attack is based on a popular tactic used by criminals known as "phishing."  According to statistics, almost one third of all data breaches in 2018 involved phishing, while a whopping 91% of cyber-attacks in 2012 began with a spear phishing email.  You may have an inbox full of potential vulnerabilities, as it has been estimated that one in 25 branded emails is a phishing email, with phishing emails most likely posing as communications from Amazon or Microsoft. 

One tipoff for potential victims is that these fake emails contain a "temporary" or "one-time password" that is used to log in and supposedly allow someone to access his tax information.  What actually happens is that taxpayers expose their computers to malware that has the ability to log the user's keystrokes, exposing his login information for accounts, including the ones attached to his bank accounts, resulting in potential losses.

According to an alert issued by the Cybersecurity and Infrastructure Agency (CISA), "[t]he emails instruct the recipient to access their refund information by entering a provided password on the spoofed website[.]"  The alert continues, "By entering the password, the victim unintentionally downloads malware that could enable the malicious cyber actors to take control of the affected system or obtain sensitive information."
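A mail-filter check for the lure described above (the reported subject lines, a supplied "temporary" or "one-time" password, and a link to a look-alike site), as an added example that is not taken from the IRS or CISA alerts. The sample messages, the `.example` hosts and all function names are constructed for illustration, and only plain, unencoded text bodies are handled.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Subject wording reported in the IRS warning, with loose room for variations.
SUBJECT_RE = re.compile(
    r"(electronic|automatic)\s+(income\s+)?tax\s+(return\s+)?reminder", re.I)
# The "temporary" / "one-time" password the fake emails supply.
PASSWORD_RE = re.compile(r"\b(temporary|one[- ]time)\s+password\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_irs_host(host):
    """True only for irs.gov itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == "irs.gov" or host.endswith(".irs.gov")

def score_message(raw):
    """Return the lure indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    if msg.is_multipart():
        body = "".join(p.get_payload() for p in msg.walk()
                       if p.get_content_type() == "text/plain")
    else:
        body = msg.get_payload()
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    if PASSWORD_RE.search(body):
        hits.append("password-lure")
    hosts = [urlparse(u).hostname for u in URL_RE.findall(body)]
    if any(not is_irs_host(h) for h in hosts):
        hits.append("non-irs-link")
    return hits

def should_quarantine(raw):
    """Quarantine when an off-irs.gov link accompanies another indicator."""
    hits = score_message(raw)
    return "non-irs-link" in hits and len(hits) >= 2

# Constructed samples; the first host merely starts with "irs.gov".
PHISH = ("From: IRS Online <notice@mail.example>\n"
         "Subject: Automatic Income Tax Reminder\n\n"
         "Your refund is ready. Use one-time password 493021 at\n"
         "https://irs.gov.refund-portal.example/login\n")
BENIGN = ("From: newsletter@example.org\nSubject: Weekly digest\n\n"
          "Filing guidance is at https://www.irs.gov/filing today.\n")
```

The suffix comparison in `is_irs_host` is what rejects hosts that only begin with `irs.gov`; a substring test would accept them.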

These kinds of attacks are no longer limited to PCs, either: according to U.S. cyber-security firm Norton, the number of new malware variants for mobile users increased 54 percent in 2017.  In addition, infections like Trojan.TrickBot are said to have collected more than 250 million email addresses to date, including emails belonging to several U.S. government departments, while other countries, including the U.K. and Canada, have also had emails and credentials collected by the malware.

This IRS scheme can be particularly effective for hackers during the period after April 15, when problematic filings are still in process and many taxpayers are in regular communication with the IRS.  Although most people consider "Tax Day" the point after which they can temporarily stop thinking about the IRS, there are actually many important days left on the calendar.  Dates including September 16, which is the day third-quarter estimated tax payments are due, and October 15, which is the last day for filing your return if you requested an extension to file individual tax returns for the 2018 tax year, are still ahead of us.

As part of a statement released in response to this current outbreak, IRS commissioner Chuck Rettig reiterated that taxpayers should be perpetually vigilant when he said, "This latest scheme is yet another reminder that tax scams are a year-round business for thieves.  We urge you to be on guard at all times."

With the increased frequency and sophistication of online hacking attacks, Americans should continue to be on 24/7 watch against attacks coming from all angles.  The seed for the next attack may already be planted on the device you are using to read this article.
