Bitdefender Antispam Lab warns of tax season scams in the United States

Tax season always brings an increased risk of fraud for both tax professionals and individuals. Any taxpayer could be a target of cybercrooks who use a variety of tactics, including email and phone, to trick users into handing over credentials, PINs, and other sensitive information.

Did you know?

In 2023, the IRS received 294,138 complaints of tax-related identity theft from taxpayers. Victims had to wait an average of 19 months for the agency to process and send their refunds.

Some of the most convincing and successful scams during tax filing season rely on a couple of factors that leave people more vulnerable or susceptible to them.

This includes:

• Lack of individual awareness
• Threat actors’ ability to manipulate and deceive victims
• Perfectly timing attacks and exploiting emotional triggers
• Establishing trust by masquerading as legitimate authorities

While we’ve already tackled some of the scam scenarios individuals can expect this year, researchers at Bitdefender Antispam Lab have remained vigilant for email-based schemes targeting taxpayers and tax professionals this week.

Phishing for information with bogus tax audits

In many tax scams, fraudsters impersonate IRS agents and government employees. For about a week now, antispam researchers have noticed a wave of tax audit scams meant to steal login credentials and take over accounts.

In the sample below, fraudsters warn of an in-person audit at the place of business and ask the recipient to download documents to prepare for the “tax audit team” visit.

The link embedded in the email, directs users to a fake WeTransfer page where individuals need to fill out their credentials.

Although IRS audits are nothing new, and they don’t necessarily suggest a problem with the accounts of an individual or an organization, the message could panic an unaware individual into “downloading” the “Tax Demand Notice” and handing over login credentials to scammers.

It’s crucial to note that the IRS will initially notify individuals of an audit via mail only. A written request should contain a list of specific records that the IRS would like to review. Further instructions on how the agency will conduct the audit and contact information should also be enclosed in the letter. The IRS will never initiate an audit via telephone.

Legitimate and official audit requests should always arrive via an official letter in the mail.

What about that tax certificate arriving in your inbox?

Tax season can be a stressful time for all taxpayers who may unwittingly interact with fraudulent correspondence that seems to originate from the government revenue service.

In another scam campaign spotted by Bitdefender researchers, fraudsters bait recipients with fake attachments that purportedly contain a tax certificate.

A tax certificate is a very important document issued by a revenue service agency and serves as evidence of tax payments and compliance with local tax regulations.  The HTML attachment, directs recipients to a fake Excel page that requires them to fill out their email address, password and phone numbers.

In another version of the scam, fraudsters impersonate a legitimate IRS registered tax preparer to steal credentials.

When tax season turns into a security disaster

Nothing stings worse than having your personal or work device compromised by cybercriminals during tax season. Bitdefender researchers have also spotted a phishing campaign that aimed to infect recipients’ devices with Kutaki Stealer.

Kutaki is a key logger with info-stealing capabilities, including capturing user credentials, key strokes and mouse movements, and exfiltrating the data to the attackers.

The cybercriminals behind this campaign baited users with malicious attachments that allegedly contained details regarding a failed payment towards taxes. While the wording of the email might seem a bit off, the thought of facing additional payments or penalties could be enough to persuade even the most cautious of recipients to act.

How to fight tax season scams and fraud

Tax season gives fraudsters the perfect backdrop to conduct highly successful schemes against individuals, businesses, and even professional tax preparers.

Despite a slew of tactics and delivery methods for tax season scams, there are easy ways to stay safe from these fraud attempts.

Staying informed about the latest scam tactics and maintaining a skeptical mindset can be a very effective shield against any scam. If you know how to identify potential malicious activity, you can stay ahead of scammers who continuously adapt their ruses. It’s important to get rid of that “won’t happen to me” attitude and know that anyone, even the savviest individual, can be deceived by a scammer.

The bottom line:

• The IRS does not contact taxpayers via emails, texts, or social media and will never request sensitive information via these unofficial channels.
• No government agency, including the Revenue Service, will ever tell its employees to harass, threaten, and demand payments from individuals.
• Never respond to unsolicited messages asking you to provide PIN codes, SSNs, credentials, banking information, or transfer money.
• Use official channels and the official IRS website whenever in doubt.
• Be highly cautious of unsolicited attachments, and don’t download or access them on your device.
• Maintain a good cybersecurity posture by using unique passwords for your accounts and enabling 2FA and use a security solution to protect against phishing attempts, fraudulent websites and malware attacks.
• Report phishing attempts via the IRS scam reporting service.

When in doubt, ask Bitdefender Scamio, our AI-powered scam detector. Scamio helps you determine in minutes whether any unsolicited correspondence is a potential scam. Describe the situation to Scamio, send a link, text or screenshot. Scamio will analyze the information and respond. You can access Scamio for free on any device or operating system via your web browser or Facebook Messenger.

Note: This article is based on spam samples and analysis provided by our dedicated Bitdefender Labs researchers Viorel Zavoiu and Victor Vrabie