Phishing schemes are nothing new. We often read about them or hear people talk about them on TV. However, we rarely think that we could actually be the victims of phishing schemes, malware, or scams of any kind. Nevertheless, these malicious actions can target anyone. According to security experts, they have become more frequent during this tax season. To get the sensitive information they need, scammers are now targeting people via fake news related to topics of interest, such as tax refunds, stimulus payments, or COVID-19 vaccination.
Over the past few weeks, the IRS has issued several warnings on different scams, as many phishing attempts have been made via email. Educational institutions and individuals using ‘.edu’ addresses were the main targets. They’ve been receiving emails that contain the IRS logo and have subject lines that refer to tax refund payments or recalculation. Those who open the email get invited to click on a link that will allow them to send a refund claim form. As you can imagine, the form’s sole purpose is to collect personal information such as social security numbers.
Another IRS impersonation scam is related to COVID-19 stimulus payments. During the past months, when many people relied on these payments, scammers have come up with different email phishing strategies. To seem more convincing, the emails they’ve sent featured the IRS logo and offered to help people access the much-needed amounts sooner. Scammers have also used the branding of different accounting companies or tax preparation firms. In more extreme situations, there have even been reports on malware used to infiltrate users’ computers. The malware then accesses sensitive information such as credit or debit card information.
One such attempt was carried out via Dridex, a banking Trojan. Once a user opened a scam email and clicked on a particular link, it allowed this piece of malware to install itself on their computer. Then the program could act as a banking bot, steal money from bank accounts, or it could register banking credentials.
This banking Trojan was used in correlation with the American Rescue Plan Act of 2021. It infiltrated people’s computers via fake emails that used this hot topic promising fast money. However, this piece of malware has been in use for years. What cybercriminals do is use new tactics and topics to be able to install malware on victims’ computers, and the pandemic relief plans have offered just the right opportunity to do this.
Governmental agencies are not the only ones that try to warn people about the risks related to tax season scams. McAfee, the giant cybersecurity company, does the same by posting updates and sending its users newsletters on how to stay cautious during this period when scams and phishing attempts proliferate. According to officials, last year’s tax fraud schemes amounted to $2.3 billion. The numbers are likely to increase in the future since more and more people have started filling their taxes online.
To avoid any scams related to the IRS or COVID stimulus, the golden rule of thumb is to refrain from answering phones or emails that seem to come from the IRS. Remember the only way this entity communicates with taxpayers is via official letters.
Finally, people should also remain cautious while reading news online. Many scams are now using hot topics related to taxes or relief bills, or even COVID 19 vaccination to lure readers into clicking on different links. The latter topic was leveraged during the past months. People eager to get vaccinated fell into traps that promised a quick solution. Those reluctant and thus prone to read any theories on this topic from any sources were also easy victims. Depending on how hackers work, they might ask users to fill in a form and then use their contact details to reach out with enticing offers and try to obtain money or banking information. Alternatively, the links might contain dangerous malware that, once installed, steals credentials or sensitive information.
All in all, it is always important to be careful and think twice before clicking on a suspicious link, filling out a form online, or downloading programs. There are many ways for cybercriminals to attempt to gain sensitive information, especially in periods of social and economic unrest such as the Pandemic. To avoid being the victim of a malware attack, besides installing proper antivirus protection on your PC, you should always be wary of emails sent from state institutions that end up directing you to other pages or ask you to provide personal information.