Today is the last day to file your federal income taxes. And the looming 12:00 a.m deadline has thousands, if not millions of citizens stressing out and more susceptible to phishing scams than usual.
Every good cybercriminal knows this and they are working overtime churning out fake emails from the IRS and other taxing authorities in the hopes of snagging victims, stealing valuable information and ultimately, making some money.
IRS Phishing PSA
For those of you who stumble across this blog post hoping to find a quick answer to the question “How do I know if this email from the IRS is real?” here is the quick answer.
The IRS will NEVER ask you to send along personally identifiable information such as your social security number or bank account details. So, if you are looking at an email that purports to be from the IRS and it is asking for this information it is a fake, phishing email and you should discard it ASAP!
IRS Issues Scam Warning
The prevalence of phishing scams this tax season prompted the IRS to issue a warning on March 17, 2017.
In the warning the IRS urged both tax professionals and taxpayers to be on guard against suspicious activity.Two scams were highlighted in the warning. In the first, which targets tax preparers, a fake email is sent to the preparer, (ostensibly from the client) asking the preparer to change the refund destination, often to a pre-paid debit card.The second scam targets users of tax preparation software or similar services. Users receive emails from these entities asking them to update their online accounts.Of course, those nostalgic for the good old days should be happy to know that telephone scams are still plentiful with the “IRS” robo-calling with urgent messages that require immediate action.
From Phishing to Malware
The purpose of these phishing emails is often not to directly collect account information but rather to install malware that can then access all the information stored on the infected device and even hijack the camera. That, according to www.zscaler.com.
The Zscaler ThreatLabZ team has detected a rise in Java-based remote access Trojan variants — jRATs — which give attackers a backdoor into a victim’s system and can be capable of remotely taking control of the system once it’s infected. Malware authors are using numerous tactics to entice unsuspecting users to open infected attachments, which arrive as malicious JAR files. Most recently, we’ve seen filenames such as “IRS Updates.jar” and “Important_PDF.jar,” claiming to contain important tax deadline information from the IRS.
Security is a 24X7X365 Job
Today it’s tax filing, tomorrow the scam will focus on something else. It appears that cybercriminals never sleep and never take a day off. Somewhere in the world there is always someone or some bot attempting to fleece unsuspecting individuals and organizations. I think we have finally “progressed” as a society to the point when we can confidently say that the only things certain in life are death, taxes and cybercrime!