The scheme starts with messages to taxpayers from email addresses that spoof real IRS addresses. The emails carry a link to a spoofed IRS.gov website that shows phony details about the targeted recipient's tax refund, return or account.
The fabricated emails carry subject lines such as "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder." They claim to contain a "temporary password" or "one-time password" for accessing files purportedly needed to submit a request for a refund or for information. Those files are malware in disguise.
“The emails instruct the recipient to access their refund information by entering a provided password on the spoofed website,” the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert issued Friday. “By entering the password, the victim unintentionally downloads malware that could enable the malicious cyber actors to take control of the affected system or obtain sensitive information.”
According to the IRS, the impersonation scam campaign is spreading nationally. The cons behind it are using dozens of compromised websites and web addresses that pose as IRS.gov, making it “a challenge to shut down,” according to the IRS.
The attacks are lucrative, despite the fact that it’s outside of traditional tax season for most Americans.
“This latest scheme is yet another reminder that tax scams are a year-round business for thieves. We urge you to be on guard at all times,” said IRS Commissioner Chuck Rettig, in a statement.
"It is best to always ignore suspicious calls and emails and reach out to organizations, like the IRS, directly if there are any questions," Chris Morales, head of security analytics at Vectra, told Threatpost. "A risk is malware attacks from links and attachments that can compromise your local system to gain access to sensitive information."
Joseph Carson, head of global strategic alliances at Thycotic, told Threatpost that the emails are so authentic looking it is difficult for consumers to tell the difference from the real thing.
“These scams arrive via email in your inbox at exactly the right time,” he said. “All signs show that the email came from the IRS, it has your name on the email, the antivirus did not detect anything and it did not go to the spam filter. Therefore, it must be the real thing.”
There are several protection steps that consumers can take, he added.
“The quickest is to develop better cybersecurity hygiene by educating consumers on ways to detect email scams,” Carson noted. “Another way to stop and prevent such scams is to use a good email spam filter that will help ensure such email scams do not make it to the email inbox.”
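As an added illustration, not code from the IRS, CISA or this article, here is a small Python triage function that applies the indicators described above to a raw email: the quoted lure subject lines, the "temporary password" hook, and links that mention irs.gov but resolve to some other domain (or a link off irs.gov in a message whose From claims to be irs.gov). The sample message, addresses and domains are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "irs.gov"
# Subject lines quoted in the IRS/CISA warning
LURE_SUBJECTS = {"automatic income tax reminder", "electronic tax return reminder"}
PASSWORD_LURE = re.compile(r"\b(temporary|one[- ]time) password\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def is_legit_host(host: str) -> bool:
    """True only for irs.gov itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def looks_like_irs(host: str) -> bool:
    """Heuristic: a label starting with 'irs' (irs.gov.x.example, irs-gov.example)
    on a host that is not actually under irs.gov."""
    host = host.lower()
    return bool(re.search(r"(^|[.-])irs", host)) and not is_legit_host(host)

def assess_email(raw: str) -> dict:
    """Collect the campaign's indicators from one raw message. The From header
    is taken at face value; proving it spoofed needs SPF/DKIM/DMARC results."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    body = msg.get_payload()
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(body)]
    findings = []
    if msg.get("Subject", "").strip().lower() in LURE_SUBJECTS:
        findings.append("subject matches known lure")
    if PASSWORD_LURE.search(body):
        findings.append("password lure in body")
    for host in hosts:
        if looks_like_irs(host):
            findings.append(f"lookalike IRS link: {host}")
        elif is_legit_host(sender_domain) and not is_legit_host(host):
            findings.append(f"irs.gov sender but link to {host}")
    return {"sender_domain": sender_domain, "link_hosts": hosts, "findings": findings}

# Constructed sample shaped like the campaign (spoofed From, lookalike link)
PHISH = """From: IRS <refunds@irs.gov>
Subject: Automatic Income Tax Reminder

Your refund file is ready. Enter temporary password 7A91 at
http://irs.gov.refund-portal.example/login to open it.
"""
```

Running `assess_email(PHISH)` returns all three findings; a message with the same From but a plain off-domain link is flagged by the sender/link mismatch rule instead.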
If you need assistance with your cybersecurity needs contact DarkHound SecOps at [email protected].
Image Source: https://www.pexels.com/photo/white-and-black-desk-calculator-on-white-graphing-paper-159804/