Avoiding Email Tax Scams
AppRiver | Posted: 4/6/2021

Cybercriminals are always eager to utilize current events for their attacks, and the tax season is no different.
Hackers are well aware that the US population is stressed out about their taxes, and they know how to
capitalize on tax anxieties to steal personal data and money.

Tax-Related Scams
Troy Gill, manager of security research and senior security analyst for Zix | AppRiver, came across a few
different generic tax scams in his research, but a few to note were emails targeting Certified Public Accountant
(CPA) firms.

In one email, the malicious actor impersonated the U.S. Internal Revenue Service (IRS) and informed the
recipient that they were exempt from U.S. tax withholding because of their alleged status as a
non-resident alien. The message went on to instruct the recipient to confirm this fact by filling out an attached
form.

The purpose of this phishing email was to gather personal and bank details which would be sent back to the
attacker by fax.

In another tax-related email scam, the attacker attempted to steal information by posing as a doctor who was in
need of professional tax services. This email arrived from Russia with the subject line “Request for Tax
Preparation from Dr Kim!!”

To add a sense of legitimacy to their attack, the threat actors went so far as to register a hospital-related
domain to be used in their campaign. Ultimately, the email acted as a lure, and its purpose was to trick a
recipient CPA firm into engaging the senders. If a firm responded, the attackers sent along a
remote access trojan for the purpose of stealing sensitive personal and financial data. Uses for the stolen
data included conducting identity theft, posting it for sale and filing fraudulent tax returns.

The attacks described above weren't the only tax-related scams that grabbed Zix | AppRiver's attention this year. In
fact, the Internal Revenue Service warned tax professionals that digital fraudsters were impersonating the
government agency in a new scam email campaign.

The emails said that they had originated from “IRS Tax E-Filing,” and they arrived with the subject line
“Verifying your EFIN before e-filing.” Their purpose was to steal Electronic Filing Identification Numbers
(EFINs) so that attackers could file fraudulent tax returns.

Staying Secure
These attacks highlight the need for organizations to defend themselves and their employees against
tax-related scams. One of the ways they can do this is by investing in an email security solution that uses
attachment sandboxing, message retraction and other techniques to probe incoming messages for indicators
of threat behavior. This tool should conduct its analysis in real time while allowing legitimate correspondence
to reach its intended destination.
