Contact Us      General Enquiries: +44 (0) 1273 834 000   Support / Service Desk: +44 (0) 113 360 9696

PAV IT

  • About Us
    • Careers
    • Our Green Credentials
    • Privacy Policy
  • IT Certainty
    • Legal and Accountancy
    • Manufacturing Sector
    • Retail Sector
    • Case Studies
    • Customer Testimonials
  • Services
    • Backup and Disaster Recovery
    • IT Support Monitoring
    • Project Delivery
    • Cloud Services
    • Application Packaging
    • Pavilion Service Credits
  • News & Events
    • BLOG
    • Events
    • Newsletters
    • News
  • Technology Solutions
    • Communication and Collaboration
    • Modern Workspaces
    • Data and Governance
CONTACT SALESsupport
  • Home
  • Our latest Blogs
  • Blog
  • Cybercriminals Escalate Impersonation Attacks During Tax Season
May 28, 2022

Cybercriminals Escalate Impersonation Attacks During Tax Season

Tuesday, 21 January 2020 / Published in Blog

Cybercriminals Escalate Impersonation Attacks During Tax Season

Cybercriminals Escalate Impersonation Attacks During Tax Season, bookkeeping

With the 2020 tax season underway, cybersecurity analysts are seeing an increase in the number of impersonation attacks focused on stealing personal information through voice phishing, texts, and email.

According to the Daily Mirror and other news sites, taxpayers are at their most vulnerable during income tax self-assessments due to uncertainties over filing processes. Other reports have shown cybercriminals take on the guise of credible organizations to persuade citizens to hand over private credentials. They exploit access to bank accounts and sell the data they’ve secured for additional profit. Wired Magazine’s Louise Matsakis, cybersecurity staff writer, has commented, “…online scammers do more than masquerade as the IRS. Some have created fake versions of online accounting tools like QuickBooks, while others pretend to be tech support agents… to dupe people trying to file their taxes.” 135 million people filed electronically last year according to the IRS, many on their phones.

“These attacks…work,” commented Carl Wearn, Mimecast’s Head of E-crime and Cyber Investigation. Unfortunately, there’s no appreciable way to halt these types of impersonation attacks on a large scale. The best defense depends on individual cyber awareness and an understanding of red flags that suggest foul play.

Phones Are a Common Threat Vector for Impersonation Attacks


Identifying common threat vectors as a taxpayer is a crucial safeguard in protecting information and financial assets, especially going into the 2020 tax season. By banking on an individual’s uncertainty, impersonation attacks generally follow several vectors. They contact targets by vishing and encourage them to call back with private information; they also reach out via text or email, posing as the IRS. These may come as reminders to file or tax preparation offers, and some have begun mailing official-looking, fraudulent letters.

Scammers use these avenues to offer fake tax rebates using malicious links. Impersonators often leave accusatory voicemails or emails to manipulate victims and cause fear and alarm. In one example, Business Insider’s senior personal finance reporter Tanza Loudenback writes, “A phone number from Washington, DC, called me and left a voicemail….It was an automated message that said:

‘Time sensitive and urgent … we found that there was a fraud and misconduct on your tax which you are hiding from federal government. This needs to be rectified immediately, so please return the call as soon as you receive the message.’”

The IRS has stated they will not reach out to discuss financial matters through email, text, or social media, and calls are generally reserved for follow-up to an official letter. Voicemails like this are a prime example of fraud, playing on the fears of the listener to invoke an impulsive response. Though it may not have worked in the case of Loudenback, thousands of taxpayers fall into these traps every year. Cybercriminals play on taxpayer uncertainty with malicious disinformation, coercing victims into providing banking details, social security numbers, and other personal information.

Recognize Signs of an Impersonation Attack


Impersonation attacks are more common than ever, and a source of risk for taxpayers who lack the necessary cyber awareness to successfully deflect these advances. In 2018, the U.S Internal Revenue Service released a report highlighting a 60% increase in bogus email schemes to steal money or tax data, and tactics are continuously growing in sophistication and scale. Carl Wearn’s research indicates impersonation is the most frequent type of attack and is increasing in use. It’s become a necessity for taxpayers to discern the difference between credible revenue service communications and fraud.

Taxpayers must educate themselves on how to identify signs of foul play. There’s no viable way to lessen the number of attacks happening – the only method to best minimize risk is to recognize there is a threat before it’s too late. The IRS offers useful information on their own protocols.

Scammers have become proficient at playing on the uncertainties of victims, but these ploys are easily detectable when taxpayers are aware of IRS processes. When if doubt, contact the IRS directly with questions and concerns.

Fight Tax Fraud: Cyber Awareness Best Practices


Much like walking to a car alone at night, it pays to be vigilant and aware of any surrounding environment. This is also true of the cyber landscape. Impersonation attackers will seek to exploit taxpayer confusion to persuade and coerce victims into divulging sensitive information. Familiarity with the cyber awareness best practices below will help victims mitigate risk and defend their assets:

• Filing taxes early can prevent scammers from filing them in a taxpayer’s stead
• Use password-protected WiFi and login practices when filing electronically.
• Check URLs for the “s” at the end of “https”, which stands for secure encryption. Any site page without one may be vulnerable to data collection.
• Only use credible tax filing services, whether it be an online application or an accountant. Be wary of “ghost tax return preparers.”
• Respond to official IRS communications as soon as possible.

January 2020 will mean tax form processing for everyone, and for many, these steps can seem ambiguous and confusing. But practicing cyber awareness by avoiding voicemails, text messages, and emails that seem suspicious can protect individuals from detrimental financial and data loss.

Article by Sarah Rollman

Tagged under: cyberawareness, cybersecurityawareness, cybersecuritytips, dataprotection, emailsecurity, itsecurity, malware, mimecast, ransomware

What you can read next

May newsletter icon
IT’s About Time… for our May newsletter!
Anne Lamott Quote
Designing in Automation and Productivity to Support the Modern Workplace
Microsoft Windows 7 end of life: What it means for your business
Microsoft Windows 7 end of life: What it means for your business

Recent Posts

  • Sophos Event Blog Header

    Better cyber protection doesn’t have to cost you more

    Most campaigns that vendors / resellers run is ...
  • Cyber Insurance Blog

    Cyber insurance: there’s bad news and there’s good news

    The threat environment is more challenging than...
  • Evolving Cyberattacks header

    How Common Types of Cyberattacks are Evolving

    Cyberattacks are ever changing. Read about cybe...
  • Watchguard MFA Header

    Protecting User Identity and Securing Business Trust with Multi-Factor Authentication

    THE EVOLUTION OF AUTHENTICATION – HOW WE GOT HE...
  • CRN Nomination 2022 Header

    CRN Best Company to Work For Nomination 2022

    Why is your company such a great place to work?...

Categories

  • Applications
  • Blog
  • Cisco
  • Commvault
  • Events
  • Legal
  • Manufacturing
  • Microsoft
  • Mimecast
  • Networking
  • News
  • Newsletters
  • Other News
  • Retail
  • Sophos
  • Watchguard

pavilion logo small

A leading IT infrastructure solution and support provider that has been delivering flexible and modular solutions and consultancy to businesses across the UK since 1988.

GET IN TOUCH

  • General Enquiries: +44 (0)1273 834 000
  • Support Desk: +44 (0)1273 834 433
  • Email: info@pav.co.uk
  • PAV I.T. Services
  • The Old Corn Mill, Bullhouse Mill
  • Lee Lane, Millhouse Green
  • Sheffield S36 9NN
  • View on Google Maps
  • About Us
    • Careers
    • Our Green Credentials
    • Privacy Policy
  • IT Certainty
    • Legal and Accountancy
    • Manufacturing Sector
    • Retail Sector
    • Case Studies
    • Customer Testimonials
  • Services
    • Backup and Disaster Recovery
    • IT Support Monitoring
    • Project Delivery
    • Cloud Services
    • Application Packaging
    • Pavilion Service Credits
  • News & Events
    • BLOG
    • Events
    • Newsletters
    • News
  • Technology Solutions
    • Communication and Collaboration
    • Modern Workspaces
    • Data and Governance

Pav IT © 2022 All rights reserved.

  • GET SOCIAL
TOP