With the impending Tax Day and the stress experienced by last-minute filers, there is a noticeable increase in IRS scams.
Findings from McAfee Labs highlight a new wave of sophisticated tax scams emerging during the peak filing season, with fake text messages leading the way.
Roughly half of taxpayers finalize their taxes between mid-March and April 15, providing scammers ample opportunities to exploit the rush in IRS filings.
Based on our 2024 data, here’s what can be anticipated in the days ahead:
- Anticipate a rise in tax scams – The count of malicious tax scam URLs nearly quadrupled from February 1 (2.9% of activity) to February 28 (10.5%) last year, with a considerable surge towards the end of the month.
- Mobile-based attacks will be predominant – In 2024, 76% of all tax scam activities targeted mobile users through text messages, often leveraging URL shorteners to disguise deceitful links.
- There will be meticulously planned scam operations – A single campaign in 2024 contributed to 17.3% of all blocked tax-related URLs, utilizing counterfeit IRS-style links like “irs.gov.tax-helping[.]com”.
Apart from masquerading as the IRS, scammers will also pose as tax preparation and software companies. Irrespective of the facade they adopt, the ultimate goal remains consistent—to deceive taxpayers into surrendering their personal and financial details.
Red Flags for Common Tax Scams
The tax season presents a lucrative opportunity for scammers due to the abundance of personal information shared and gathered online. This lowered guard makes taxpayers more susceptible to sharing their most confidential details when they encounter messages or advertisements relating to taxes.
- Acquire account details – Scammers aim to seize account or financial information linked to credit cards and bank accounts to pilfer funds and conduct unauthorized purchases.
- Submit fraudulent returns – Scammers attempt to file false tax returns in the victim’s name to claim refunds, leaving the victim to deal with both financial loss and fraud accusations.
- Engage in identity theft – Scammers utilize stolen information to open new credit accounts and lines in the victim’s name.
- Trade stolen data – Additionally, scammers monetize their victims by selling the obtained information in illicit online marketplaces instead of using it for identity theft.
A closer look at this list reveals the severity of the harm caused by tax scams, especially concerning the theft of Social Security Numbers (SSNs), which are among the most sensitive personal information targeted.
A compromised SSN can lead to severe forms of identity theft, such as imposter scams, insurance fraud, employment fraud, and more. The aftermath of these subsequent attacks can inflict significant damage on the victim’s finances and reputation, often requiring months or even years to rectify.
The Mechanics of Tax Scams
In essence, tax scams execute a dual strategy.
The process commences with luring the victim with a fraudulent message from a scammer posing as the IRS, a tax preparation entity, or a tax software provider. This communication could arrive via email, direct messages on social platforms, or even within sponsored search outcomes.
Primarily, scammers entice victims through text messages. As highlighted earlier, mobile assaults reign as the preferred mode of contact, where scammers frequently utilize URL shortening services to mask deceptive links. (Familiar link shorteners like bit.ly and goo.gl are commonly employed for sharing lengthy URLs, but they obscure the destination sites, making it challenging to discern their legitimacy.)
In certain instances, scammers endeavor to deceive taxpayers by embedding “irs.gov” into the URL. Below, you can observe an instance where the domain is not “irs.gov” but rather “entes-tax[dot]com,” steering individuals towards a fraudulent site.
Deceptive texts incorporating “irs.gov” in a harmful hyperlink
Regarding the content of the messages, scammers transmit urgent-sounding texts about tax refunds such as, “Your reimbursement is being withheld, reach out to the IRS immediately.” Other scammers instigate fear by issuing threats like imprisonment for failing to make payments. In other instances, scammers warn of revoking driver’s licenses, business permits, or even immigration status. According to the IRS, these are common indicators of a scam. The IRS does not utilize threats or similar strategies to address tax concerns.
The subsequent deceit occurs when individuals click on the link within these messages, leading them to bogus IRS replica websites. These sites can be quite convincing. The most sophisticated ones mimic the appearance and ambiance of the official IRS site and use URLs closely resembling an actual IRS domain, potentially deceiving anyone who does not scrutinize them carefully.
Illustration of a counterfeit IRS claim website
This is where the deception causes harm. Under the pretense of providing a refund or facilitating a payment, scammers gather crucial personal information, which can result in immediate and lasting consequences for victims.
A similar approach is adopted by scammers posing as tax preparation services and tax software companies. Although the texts and websites may appear different, they are all part of a scheme designed to acquire the same kinds of personal and financial information.
Ways To Prevent Tax Scams
Despite the cleverness of these frauds, they can be avoided. The initial step is awareness. By perusing this piece and sharing it with others, you help spread the word about these scams and their prevalence.
Additionally, you can take several precautionary measures to enhance your safety during tax season:
- Remain cautious of emails and phone calls purporting to be from the IRS. The IRS typically communicates via physical mail rather than email or text. (Refer to their guidance on IRS contact methods for more details.)
- Avoid disclosing personal information over the phone. The IRS never requests personal information via phone calls, and no governmental entity will ever demand payments over the phone. Requests for payment via money orders, gift cards, or non-IRS.gov online payment platforms are clear warning signs.
- Directly verify all websites and emails, even if they appear to originate from a trusted tax advisor or partner. Avoid clicking on links in emails or texts and instead verify the authenticity of the communications.
- Utilize online security features that can detect scams. Functionalities within our McAfee+ plans can help identify fraudulent sites and messages and our Web Protection along with Online Account Cleanup specifically alert you if a link might direct you to a suspcious site and help safeguard your web-based profiles. If you inadvertently select or tap on a harmful link, they will block those websites.
- Implement proactive measures. Monitor your credit report for any unusual activity, secure your social media privacy settings, and establish strong, distinct passwords for your profiles. Functionalities within our McAfee+ subscriptions can assist you in accomplishing all of that, conveniently in one place.
- Eliminate your private information from suspicious data broker websites. Frauds through email, phone, and SMS all necessitate something—your contact details. Frequently, scammers obtain such details from data broker platforms. These entities purchase, gather, and trade comprehensive personal data, which they assemble from various public and private origins. Our Personal Data Cleanup examines some of the most risky data broker sites and reveals the ones vending your personal details.
- Ultimately, submit your tax returns promptly. One approach to prevent scammers from seizing your refund is to claim it first. At times, taxpayers only realize they’ve been duped once they file a return—only to realize it’s already been filed.
The post Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds appeared first on McAfee Blog.
About Author
