Consumers and businesses, beware: it’s tax evasion season
Tax evasion schemes in 2022 netted scammers $5.7 billion, more than double the amount from the previous year, according to the Internal Revenue Service, and there doesn’t seem to be any respite in sight.
Although scams are on the rise, the good news is that the main tactics used by fraudsters remain fundamentally unchanged, which means that by understanding the signs of tax evasion and taking action to counter it, consumers and businesses can avoid being victimized during tax season. .
“Threat actors routinely take advantage of tax season,” observed Selena Larson, principal threat intelligence analyst at Proofpoint, an enterprise security firm in Sunnyvale, Calif.
“They know that a large portion of the population will face stress and urgency to file their taxes correctly and on time,” she told TechNewsWorld. “It’s these pressures that make people more susceptible to a tax-themed email offering assistance or a warning when it’s actually a vessel for fraud.”
“And since tax season deals directly with finances, there’s an open window for a bigger payday,” she said.
Larson added that threat actors are increasingly adept at using social engineering to prey on people’s fears, emotions and urgency during tax season.
“They will take advantage of IRS branding and fake government sites, pretending to be a tax authority either by communicating necessary legitimate information – such as a change to a form or process – or by trying to collect payment,” a she explained.
Growth Fueled by Data Breach
Larson also advised consumers and businesses to be aware of bogus “tax preparation services.” These types of attacks typically go beyond simple authentication credentials, such as usernames and passwords, she noted, and attempt to steal personal information, including security numbers. social and bank account information.
“Most tax professionals offer excellent advice and can help people solve complex tax problems,” IRS Commissioner Danny Werfel said in a statement. “But we continue to see cases of taxpayers being ‘ghosted’ by unscrupulous tax preparers with bad advice that quickly disappears.”
The massive amount of personal information circulating on the Internet from numerous data breaches has also contributed to the growth of tax evasion.
“There’s a lot of information on the internet that can be used in tax evasion schemes,” observed Abigail Showman, senior team leader at New York-based threat intelligence provider Flashpoint. Threat Analysis and Incident Response Services, which recently released a report on tax evasion.
“Many threat actors can collect this information and use it quite easily in tax evasion schemes,” she told TechNewsWorld.
“Each year, more sensitive information about people is lost through data breaches and other means,” explained Erich Kron, a security awareness advocate at KnowBe4, an awareness training provider in security in Clearwater, Florida.
“This allows attackers to have a huge list of people to target, many of whom have very detailed information,” he told TechNewsWorld. “It helps these bad actors create more compelling social engineering emails and other communications.”
Threat actors will also recycle information, noted Showman’s colleague, tactical threat surveillance analyst Rebecca McHale. “They could apply for unemployment benefits and then turn around and use that personally identifying information for other schemes, including tax evasion,” she told TechNewsWorld.
“They want to make the most of compromised personal information that they hijack and steal for malicious purposes,” she said.
In its tax evasion report, Flashpoint identified several ways fraudsters attempt to extort information or money from their targets, including:
- Phishing. A proven technique that uses email to trick a target into visiting a malicious website or sharing information on their W-2 form.
- Reimburse scams. A fraudster will contact a victim and offer to get a bigger refund than expected. Once the target gives the scammer all the information needed to file a tax return, the scammer will file the return and have the refund sent to them.
- Claiming fake tax credits. When a fraudster files a statement for a victim, it will include claims for which the target is not eligible.
“We’ve seen a lot of student tax credits filed this way,” McHale said. “That would include the Lifetime Learning Credit and the American Opportunity Tax Credit.”
“Students are typically first-time filers and don’t yet have big identity protections in place, like their ID protection PIN and adjusted gross income,” she explained.
Amy Nofziger, director of fraud victim support at AARP, noted that the organization’s Fraud Watch Network hotline continues to receive calls about IRS Imposter scams.
“You’ll get a phone call or a text saying there’s a problem with your tax refund, and you’ll be arrested,” she told TechNewsWorld. “Scammers will then demand immediate payment, usually through prepaid gift cards or another non-traditional form of payment like cryptocurrency.”
Education is imperative
Spear phishing is rampant during tax season, observed Dror Liwer, co-founder of Coro, a cloud-based cybersecurity company based in Tel Aviv, Israel. “An attacker poses as an employee or supplier, sometimes even the accounting firm the company uses, requesting tax data or documents which they then use either for identity theft or for ransom” , he told TechNewsWorld.
“Beyond deploying anti-phishing defenses, accounting departments should be retrained to identify and report phishing attempts,” he recommended.
“The simulation in advance will highlight employees who need additional training,” he added. Education can be an important weapon in the fight against tax evasion. “This helps potential victims recognize these scams and stay safe,” Jon Clay, vice president of threat intelligence at Trend Micro, told TechNewsWorld.
“Educate your employees on how phishing works,” he advised. “Make sure they are suspicious of any communication involving tax returns and financial transactions and have a process for employees to submit suspicious content to IT for review.”
He also recommended deploying an email security solution that uses machine learning and AI to detect spam and phishing emails.
Fraud fighters, however, won’t be the only ones using AI to advance their goals.
“We’ve seen anecdotal chatter about harnessing artificial intelligence to facilitate fraud, but this tax season it hasn’t been prevalent,” McHale said. “While we haven’t seen it for this tax season, stay tuned. It’s something we’ll be watching for in the upcoming tax season.