Cybercriminals have been taking advantage of tax season for years. While we have seen tax seasons involving countries like Australia and the U.K., it appears that cybercriminals tend to heavily favor the use of Internal Revenue Service (IRS) scams, especially during the US tax season.
Over the years, the attackers’ means may have evolved but their goal remains the same—to trick victims into giving out personal information or money.
Our new research paper, A Profile of IRS Scammers: Behind Tax Fraud, takes an in-depth look at IRS scams by following the criminal activities of three IRS scammers. From lure to drop-off, we trace each step they take and highlight the noteworthy scam components, including their malware, their infrastructure, and their tactics.
IRS tax scams normally begin with cybercriminals sending spam to as many potential victims as possible shortly before or after tax filing season. The emails spread malware either by asking readers to open a malicious attachment or to click a link that leads to the download of a malicious file.
Figure 1. Diagram of a typical IRS tax scam
Unfortunately, tax scams work because a lot of users constantly fall for the ruse. The truth is—fighting cybercrime is everyone’s responsibility. Authorities that are usually spoofed to scare users into doing something they would not otherwise do should continuously issue warnings. Security vendors should constantly update their products to protect against the latest threats.
Awareness is the first step to avoid becoming an IRS tax scam victim. Every taxpayer needs to know how the IRS works so they will not be tricked even by the most elaborate and convincing scams. The IRS has also been exerting effort to warn taxpayers about all kinds of fraud.
A little technical help from products and services that prevent spam and phishing emails from even reaching inboxes should also help. These technologies can also block access to malicious sites even if links that lead to them are clicked. They also prevent the download and installation of malicious programs or components on computers, thus thwarting threats even before they can wreak havoc.
For a detailed look at IRS tax scams, you may read our paper, A Profile of IRS Scammers: Behind Tax Fraud.