With Tax Day nearing and taxpayers facing last-minute pressure, an increase in IRS scams is being observed.
Recent research conducted by McAfee Labs indicates a rise in sophisticated tax schemes during the peak filing season, with fraudulent text messages being a prominent tactic.
Around half of taxpayers finalize their tax obligations between mid-March and April 15, giving scammers a window to exploit as individuals hurry to submit their filings to the IRS.
Based on our 2024 data, the upcoming days are expected to see the following trends:
- An Increase in Tax Scams – Malicious tax scam URLs saw a nearly fourfold increase from February 1 (2.9% of activity) to February 28 (10.5%) last year, with a significant spike towards the end of the month.
- Mobile Attacks on the Rise – 76% of all tax scam activities in 2024 targeted mobile users via text messages, often utilizing URL shorteners to disguise fraudulent links.
- Coordinated Scam Campaigns Expected – A single campaign in 2024 constituted 17.3% of all blocked tax-related URLs, employing fake IRS-style links such as “irs.gov.tax-helping[.]com”.
Apart from pretending to be the IRS, scammers will also imitate tax preparation and software firms. Similar to previous years, taxpayers can anticipate scams revolving around quick refunds and simple filing solutions that serve as a cover for fraudulent activities. Regardless of the guise, scammers’ objective remains consistent – to deceive taxpayers into divulging their personal and financial information.
Noteworthy Tax Scams to Stay Vigilant Against
As tax season brings an influx of personal information shared online, scammers capitalize on this opportunity. Taxpayers’ guard may be lowered as they expect tax-related communications, making them more susceptible to divulging sensitive information. This scenario is ideal for scammers aiming to:
- Steal Account Information – Fraudsters attempt to acquire account or financial details linked to credit cards and banks to conduct unauthorized transactions using the victim’s funds.
- Submit False Returns – Scammers may file fraudulent returns in the victim’s name to claim refunds, leaving the victim both without their money and facing a case of fraud.
- Engage in Identity Theft – Stolen information is utilized to open new credit lines and accounts under the victim’s identity.
- Trade Stolen Information – Scammers may sell pilfered data on dark web platforms for profit, allowing others to use it for malicious purposes like identity theft.
The impact of tax scams is heightened by their focus on critical personal data, particularly Social Security Numbers (SSNs).
The theft of an SSN can lead to severe forms of identity theft, such as impostor fraud, insurance fraud, employment fraud, which can cause extensive damage to an individual’s financial standing and reputation, requiring months or even years to rectify.
Modus Operandi of Tax Scams
Tax scams essentially operate through a deceptive approach.
It commences by enticing the victim with a fraudulent communication supposedly from the IRS, a tax preparation entity, or a tax software provider. This communication could come in the form of an email, a direct message on social media, or even in paid search results.
Primarily, scammers lure victims through text messages. Mobile devices are increasingly targeted, aligning with the trend mentioned earlier. Here, scammers commonly deploy link shortening techniques to cloak malicious URLs. (You might be familiar with shortened links like bit.ly and goo.gl. While they simplify sharing long URLs, the downside is the difficulty in verifying their destination.)
In some instances, scammers employ tactics like incorporating “irs.gov” into the web link to deceive taxpayers. An exemplar of this is showcased below, where the domain poses as “irs.gov” but actually directs users to a scam site under “entes-tax[dot]com”.
Deceptive texts embedding “irs.gov” within a harmful hyperlink
Regarding the message content, scammers dispatch urgent-sounding texts concerning tax refunds such as, “Your reimbursement is on hold, reach out to the IRS urgently.” Other fraudsters employ intimidation, issuing warnings of possible incarceration for non-payment. Alternatively, scammers may threaten to withdraw privileges like driver’s licenses, professional licenses, or even immigration status. The IRS identifies these as common indicators of a scam. The IRS never resorts to threats or tactics like these to settle tax matters.
The subsequent blow occurs when recipients click on the attachment in these texts, redirecting them to counterfeit IRS websites. These sites can be remarkably persuasive. The most sophisticated ones mimic the appearance and atmosphere of the official IRS site and adopt URLs that bear a striking resemblance to an authentic IRS URL, potentially deceiving recipients who fail to scrutinize these details closely.
Illustration of a counterfeit IRS claim webpage
This is where the harm takes place. Under the fraudulent guise of receiving a refund or issuing a payment, scammers harvest the valuable personal information previously discussed, resulting in immediate and long-term repercussions for the victims.
The same strategy applies to scammers impersonating tax preparation services and tax software companies. While the texts and websites may differ in appearance, they are part of a larger scheme to obtain identical types of personal and financial data.
Techniques To Steer Clear of Tax Frauds
Despite the ingenuity of these ploys, there are ways to evade them. The initial step involves awareness. By perusing this piece and disseminating it among others, you can raise awareness about these scams and their widespread prevalence.
Furthermore, you can take several precautionary measures that will significantly enhance your safety during tax season:
- Exercise caution with emails and phone calls alleging to be from the IRS. Typically, the IRS communicates through physical mail rather than electronic mail or text messages. (Refer to their list of approved IRS communication methods for additional information.)
- Avoid disclosing personal details over the phone. The IRS never makes requests for personal information via phone calls, and no government agency will solicit money via telephone. Requests for payments via money orders, gift cards, or non-IRS.gov online platforms are clear warning signs.
- Directly validate websites and emails. Even if they appear to be from a trusted tax advisor or partner, verify their authenticity directly instead of clicking on links within emails or text messages.
- Utilize online security measures that can identify fraudulent activities. Features included in our McAfee+ subscriptions can help you identify deceptive websites and text messages and our Web Protection as well as Online Account Cleanup in particular alert you if a link might direct you to a questionable website and help safeguard your internet profiles. If you happen to tap or click on a malicious hyperlink, they will block those websites.
- Implement preventive measures. Monitor your credit history for any unusual activities, ensure strict privacy settings on your social media, and establish robust, distinct security codes for your profiles. McAfee+ packages offer tools to facilitate all these actions from a single platform.
- Erase your private information from unreliable data trading platforms. Frauds via email, phone, or messages all necessitate a piece of personal data—your contact details. Often, scammers obtain this from data trading websites. These platforms buy, amass, and vend detailed personal data gathered from various public and private origins. Our Personal Data Cleanup checks some of the most risky data trading websites and discloses those that are peddling your personal information.
- Ultimately, file your tax returns promptly. To prevent scammers from claiming your refund, ensure you claim it first. In certain scenarios, taxpayers only realize they’ve been scammed when filing a return—only to find that it has already been submitted.
The article Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds was originally published on McAfee’s Blog.
About Author
