With stay-at-home orders in full effect around the world, many of us are spending considerably more time online and less time outdoors, including cybercriminals. As a result, cyber threats of all kinds have been on the rise.
While tax scams continue throughout the year, we tend to see a peak in such threats during the second quarter of the year as it is normally the filing deadline for tax returns and tax refund applications in many countries. Our Anti-Phishing system blocked 129,933,555 attempts to direct users to scam websites in Q2 of 2019 alone. So far in Q2 2020, there have been 62,786,832 such attempts.
This year, the COVID-19 pandemic prompted governments to delay filing deadlines until July 15th in the US and June 1st in Canada. Cybercriminals have been opportunistic throughout the pandemic. We’ve seen the “Coronavirus Finder” that doesn’t work, emails imitating legitimate organizations including the CDC and WHO, and fake websites and e-mails supposedly from delivery services, to name a few. Coupled with typical activity in tax-related spam and phishing activity, not to mention the extra time scammers have had to prepare, we urge taxpayers to be extra cautious this year.
New research found threat actors are using a combination of scams to steal US taxpayer information in order to obtain various government payouts. https://t.co/C8AtsKn7UP
— Kaspersky (@kaspersky) May 15, 2020
Many people prefer to file their own taxes online, and cybercriminals see that as a huge opportunity to roll-out a bevy of tax-related scams. If there is one thing you take away from this post, it is that the Internal Revenue Service (IRS) does not send any formal communication via email, social media, phone calls or text messages. The Canada Revenue Agency (CRA) may call you for a few reasons, but you can always ask to verify their identity before handing over money or personal information over the phone.
Here’s a rundown of typical scams:
1. IRS Phishing scams
Each year, we see phishing emails disguised as communications from the IRS and CRA. This year, the IRS issued a new warning to taxpayers urging everyone to be on the lookout for a surge of calls and email phishing attempts exploiting COVID-19. To alleviate financial burden imposed by the pandemic, U.S. residents who have previously filed a tax return and meet income requirements will receive a ‘stimulus check.’ Naturally, people have many questions about the checks, which provides yet another opportunity for scammers to swoop in with incorrect information. If you are a non-filer, submit your direct deposit information to the irs.gov portal. Any email that tells you to do otherwise is a phishing attempt, as convincing and legitimate the email may seem.
What to do: Be wary of any tax-related emails (see additional tips below). Install the new version of Kaspersky Total Security which has been enhanced to detect the latest and most sophisticated phishing scams so you can avoid getting spoofed.
2. Impersonation telephone calls
Most times it’s easy to identify a scam call, especially if the other person on the line clearly sounds like a robot. (Voice bots have proven capable of keeping people on the line– but that’s another story). Needless to say, the IRS is not calling to threaten you over the phone. The CRA may give you a call, but using aggressive language or threatening you with arrest is not their M.O.
What to do: If you receive such a call, simply hang up, and move on with your day.
3. Fake tax preparers
If you’re in a rush to file your taxes, whether to meet the filing deadline or because you’re eager to get it over with, watch out for crooks posing as a tax prep organization. These scams can seek to lure you with the promise of a bigger return or reducing any tax debt you might owe, or offer other tax-related services. But before you respond to any emails, open attachments or click on links, verify that the resource is legitimate. Threats from fake tax preparers may also exist in the form of fraudulent software and “ghost preparers.” You can reference the IRS and CRA’s website for certified software and resources.
What to do: “In order to avoid becoming a victim of these scammers, you should only use official resources and do not click links in e-mails. If you happen to for whatever reason, do not fill in any personal information on the site to which you’ve been transferred,” says Tatyana Shcherbakova, Kaspersky Senior Web Content Analyst.
Review permissions requested by any app before accepting them, and file your taxes over a secure connection.
How to protect yourself
- Treat all communication with care. Phishing e-mails can look very convincing. Don’t click on links or open attachments if you can’t verify the legitimacy of the sender.
- Do not enter your payment card information on unfamiliar or suspicious sites. Fake sites can be made to look just like the legitimate site. Look for “https” at the start of the URL.
- Don’t trust advice about how to get a refund unless it comes from a tax professional or a trusted source. If in doubt, always double check
- Install a security solution on your device with built-in technologies designed to prevent financial fraud. For example, the Safe Money feature in Kaspersky Total Security creates a safe environment for financial transactions.
- Give yourself plenty of time to file your taxes to lessen the risk that you will respond in haste to a scam.