There is a rise in fraudulent tax schemes as the tax due date draws near
Research conducted by Proofpoint indicates a surge in malevolent domains and schemes pretending to be tax authorities and financial organizations, coinciding with an escalating trend in tax-related activities from December to April. The study noted the presence of deceitful tactics in both the United Kingdom and the United States.
Within the U.K., various tax-related phishing efforts replicated official emails from HM Revenue & Customs (HMRC) and inserted URLs that directed recipients to malicious websites aimed at stealing credentials.
In the U.S., deceitful domains were spotted assuming the identities of legitimate financial institutions, applications, and entities known for their involvement in accounting, financial transactions, and tax submissions.
Selena Larson, Senior Threat Intelligence Analyst at Proofpoint, remarked, “Content pertaining to taxes consistently serves as an enticing bait during tax seasons worldwide, and at the start of the year, Proofpoint typically registers a surge in such content, which coincides with the tax seasons in the U.K. and the U.S. This type of lure can be exceptionally effective because it combines the urgency surrounding deadlines with the perceived risk of incurring additional charges, business disruptions, or financial impacts. Individuals may also feel compelled to respond or engage with the content if it appears to originate from a position of authority, such as a government agency.
“When individuals come across an email that seems tax-related in their inbox, it is essential for them to exercise caution because cybercriminals excel at creating persuasive bait. Given that a substantial amount of business is transacted via email, individuals may anticipate such content and assume its validity. Moreover, threat actors frequently complement emails with phone calls or text messages, utilizing multiple channels to carry out their attacks.
“Individuals should remain vigilant and be wary of common techniques employed by threat actors, including masquerading as legitimate domains and personas, utilizing aggressive and urgent language, guiding individuals to unofficial websites, and requesting payments through third-party apps or platforms. By familiarizing themselves with these tactics and maintaining a high level of alertness, individuals can significantly decrease the chances of falling victim to phishing attacks and effectively protect their finances and sensitive data.”
About Author
