The Internal Revenue Service (IRS) opened the filing season on January 30, 2013 to help taxpayers prepare for the looming April 15 tax deadline. April 15, colloquially known as Tax Day, is when individual income tax returns are due to the federal government. As usual, cybercriminals have prepared tax-related scams of their own, and these aren’t a far cry from their usual attempts.
Tax-themed attacks usually arrive in the form of spammed messages claiming to be from the IRS or other government-related entities. To appear more convincing, the messages are crafted to intimidate and scare users into acting immediately, without taking the chance to verify whether the emails are legitimate. Below are some of the common trends in tax-themed messages seen in 2012:
- Rejected Federal Tax Transfer
- Rejected Federal Tax Transaction
- Rejected Federal Tax Payment
- Federal Tax Payment returned
- Federal tax transfer canceled
- Federal tax transfer rejected
- Federal tax transfer returned
- Your IRS federal tax transfer is cancelled
- Your federal tax transaction has been not accepted
- Your transaction is cancelled
- IRS report of not accepted tax bank transfer
- Report of tax transaction decline
- Report of tax bank transfer decline
- Income Tax Refund CANCELED
- Income Tax Refund RETURNED
- Income Tax Refund TURNED DOWN
- Income Tax Refund NOT APPROVED
…And the list goes on. Notice that these messages are made to warn users of their “negligence” in terms of payment. Due to the serious penalty involved and to avoid any kind of scuffle with the law, people would naturally try to remedy the situation by clicking the links or downloading attached files, only because the email instructed them to.
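The listed lines share one shape: a tax term paired with rejection wording. The following is an added example, not part of the original post, that turns that shape into a triage rule; the term lists and the "high"/"low" labels are assumptions made for illustration.

```python
import re

# Term lists generalised from the message lines listed above. They are an
# assumption for illustration; a production filter needs a maintained list.
TAX = re.compile(r"\b(?:irs|tax)\b", re.I)
PAYMENT = re.compile(r"\b(?:transfer|transaction|payment|refund)\b", re.I)
REJECTION = re.compile(
    r"\b(?:rejected|returned|cancell?ed|declined?|turned\s+down|"
    r"not\s+(?:accepted|approved))\b",
    re.I,
)


def classify(line):
    """Return 'high', 'low' or None for one line of message text."""
    line = " ".join(line.split())  # collapse irregular spacing
    if not REJECTION.search(line):
        return None
    if TAX.search(line):
        return "high"  # tax theme combined with rejection wording
    if PAYMENT.search(line):
        return "low"  # payment-failure wording with no tax term
    return None


# Lines copied from the list above.
PAGE_LINES = [
    "Rejected Federal Tax Transfer",
    "Federal tax transfer canceled",
    "Your federal tax transaction has been not accepted",
    "Your transaction is cancelled",
    "Report of tax bank transfer decline",
    "Income Tax Refund TURNED DOWN",
    "Income Tax Refund NOT APPROVED",
]
# Constructed benign lines, used to check for over-matching.
BENIGN_LINES = [
    "Your tax documents are ready to view",
    "Lunch order cancelled",
]


def triage(lines):
    """Map each line to its classification for review."""
    return {line: classify(line) for line in lines}


if __name__ == "__main__":
    for line, verdict in triage(PAGE_LINES + BENIGN_LINES).items():
        print(f"{verdict!s:5} {line}")
```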
Figure 1. Detected phishing URLs related to the IRS
Apart from spam, phishing sites have also been a tax season staple throughout the years. We’ve spotted phishing pages copying the official IRS site; their numbers spike in February but wane come March.
In an attempt to target the growing number of mobile device users, some cybercriminals have even created tax-themed malicious apps. According to reports, these apps were being distributed using the Cutwail botnet by way of the Blackhole Exploit Kit.
Why does this threat still persist?
Though the IRS issues regular warnings on their website, cybercriminals have long been effective in deceiving people and are continuously generating profit from it.
We will continue to monitor and block tax-related threats by preventing spam from even reaching users’ inboxes via our email reputation technology. Web reputation technology also blocks user access to malicious sites, and file reputation technology prevents the download and execution of malicious files onto users’ systems.
To avoid falling prey to these schemes, it pays to know how social engineering works and what makes it effective. Treat every message you receive as potentially malicious and do not download any attachment or click any link unless verified. These may seem like run-of-the-mill threats, but it looks like they won’t be going away any time soon.