Tax Season – A Second Holiday Season for Cyber Criminals

Share Button

Tax Season is upon us, which is basically a second holiday season for cybercriminals, for two reasons.

First, with all the personal identifiable information that has been compromised over the past two years, it is easy to forecast that identity theft and phishing attacks launching ransomware will be trends for 2016. Victims are now and will soon be learning that their tax refund has already been paid out (to someone else), and they have fallen prey to compromised data. While identity theft has historically mostly been focused on the financial sector, fraudulent filing of tax returns is becoming easier and easier. Basically, all the fraudster needs is a name, SSN and DOB, all of which has been compromised from various sources in recent, well-publicized data breaches. Tax fraud is expected to reach $21 billion this year, up from $6.5 billion two years ago.

The second way that tax season is a boon for cybercriminals is due to the fact that tax preparation increasingly is moving online. Whether through email confirmations from the government, email exchange of personal information between tax attorneys, CPAs and their clients, or through the use of online tax preparation software, more and more of our tax data is being transmitted online. But this ease of use has a downside – fraud. Last year it was reported on the DMARC blog that there was a surge in reports during tax deadline time. They saw about three times more than the typical daily volume on April 15th and 16th, likely due to email volumes from tax filing and tax phishing campaign, and phishers looking to get victims to fall prey to an email phishing tax filing scam. And with all the stress of tax season, many people scramble to meet the deadlines and let their guard down. When spoofed emails appear to be coming from the IRS or their tax preparer, they will open and click on emails and links downloading malicious malware that will steal PII or load ransomware onto their PC or business servers (which can then be used to steal bank account info, etc).

In addition, many organizations and individuals are apparently failing to follow recommendations from security experts which include using anti-

malware software, keeping up-to-date backups on disconnected media and to never paying ransoms.

So not only are criminals cashing in this tax season, leveraging previously stolen data, they’re also stocking up – just like many consumers do after the holiday – on the things they’ll need to ensure successful additional fraud campaigns in the future.

Related Posts

The Fraud Beat 2019: Time to Reevaluate It has never been clearer that organizations are aware of the risks of fraud: in 2019 100% of financial institutions surveyed in the Faces of Fraud Report reported increasing or maintaining their budgets for fraud prevention.
Meet Lucifer: A New International Trojan The cat-and-mouse game between cybercriminals and security analysts never stops. Every so often, the mouse (in this case, represented by some kind of malware) pulls out front at a pace that catches that cat (the security solution) off guard.

Leave a Reply

Your email address will not be published. Required fields are marked *