A 400 percent surge in tax-related phishing and malware incidents is making this tax season the most treacherous yet for taxpayers. According to an Internal Revenue Service bulletin, this year’s attacks include the tried-and-true email phishing, but also newer forms of attacks that include bogus text messages and attempts to trick people into handing over credentials to third-party tax preparation service accounts.
IRS Commissioner John Koskinen calls the dramatic jump “deeply worrying.” He said in prepared remarks, “We continue to work cooperatively with our partners on this issue, and we have taken steps to strengthen our processing systems and fraud filters to watch for scam artists trying to use stolen information to file bogus tax returns.”
The IRS reports 1,026 reported malware and phishing incidents already this year, compared to 254 this time last year. With two months to go before the official tax deadline the IRS isn’t wasting any time and sounding the alarm bell.
The IRS says attackers are attempting to harvest personal information that could be used to file false tax returns. Scams include email with links to malware-laden websites that install keyloggers. Additionally, the IRS said tax professionals are reporting phishing scams that are seeking their online credentials to IRS services, for example the IRS Tax Professional PTIN System.
“When the same old attack vectors lose their effectiveness the bad guys need to get creative,” said Fred Touchette, security research manager at AppRiver, an email and web security firm. AppRiver, he said, is also seeing a huge uptick in phishing and malware. The only difference is that the attackers are less interested in tax return money, and more interested in using tax season as a lure.
New this tax season, Touchette said, he is seeing IRS-related emails with attachments that include documents that contain macro viruses that deliver ransomware CrypoLocker, Locky and TelsaCrypt. “This year’s tax season is all about malware and exploits,” Touchette said.
On Friday Intuit, the makers of the popular TurboTax software and service, issued its 29th security alert for the month February. The alert warns customers of a fake email asking TurboTax customers to verify their account information.
Stepped up fraud awareness by the IRS comes just months after the organization fell victim to hackers that gained access to 334,000 taxpayer accounts in 2015. Through the compromise, hackers were able to infiltrate the agency’s Get Transcript service, a service that provides tax payers with tax account transaction and line by line information. Since then the Get Transcript service has been shut down.
This past year, the IRS has raised fraud awareness through a number of initiatives that include teaming up with state revenue departments and the tax industry to come up with security best practices that include stronger passwords and out-of-band verification for email addresses, which includes sending an email or text to the customer with a PIN.