Don’t Take the Bait – The IRS Dirty Dozen Sees New Phishing Scams in 2018


The April tax deadline is nearly here (Tuesday, April 17, 2018), but that doesn’t mean scammers and phishers quit causing havoc and headaches. Although many scams occur during filing season, the IRS continues to see evolving phishing scams throughout the year.

Compiled annually by the IRS, the “Dirty Dozen” lists a variety of common scams that taxpayers may encounter. One scheme detailed by the IRS in 2018 targets tax professionals, payroll professionals, human resources personnel, schools and individual taxpayers.

In these email schemes, criminals pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person’s name. Or they may pose as a bank, credit card company, tax software provider or government agency. Criminals go to great lengths to create websites that appear legitimate but contain phony log-in pages. These criminals hope victims will “take the bait” and provide money, passwords, Social Security numbers and other information that can lead to identity theft.

Fake emails and websites also can infect a taxpayer’s computer with malware without the user knowing it. The malware gives the criminal access to the device, enabling them to access all sensitive files or even track keyboard strokes, exposing login information.

Below is a list of the IRS Dirty Dozen:

  1. Phishing
  2. Phone Scams
  3. Identity Theft
  4. Return Preparer Fraud
  5. Fake Charities
  6. Inflated Refund Claims
  7. Excessive Claims for Business Credits
  8. Falsely Padding Deductions on Returns
  9. Falsifying Income to Claim Credits
  10. Frivolous Tax Arguments
  11. Abusive Tax Shelters
  12. Offshore Tax Avoidance

Back to phishing; how can you, and your employees, avoid falling victim to these scams?

Remain alert

Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. An actor may take advantage of knowledge gained from research and earlier attempts to masquerade as a legitimate source, including the look and feel of authentic communications. These targeted messages can trick any user into taking action that may compromise enterprise security.

Spot common elements of the phishing lifecycle

  • A Lure: enticing email content.
  • A Hook: an email-based exploit.
    • Email with embedded malicious content that is executed as a side effect of opening the email
    • Email with malicious attachments that are activated as a side effect of opening an attachment
    • Email with “clickable” URLs: the body of the email includes a link, which displays as a recognized, legitimate website, though the actual URL redirects the user to malicious content
  • A Catch: a transaction conducted by an actor following a successful attempt.
    • Unexplainable charges
    • Unexplainable password changes
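The “clickable URL” hook above is the one element of the lifecycle a mail gateway or help desk can check mechanically: does the domain shown in the link text match the host the link actually points to? The script below is an added example written for this post, not code from the original article, the IRS or Firestorm. It parses a constructed HTML email body (the sender, domains and IP address in it are made up; example.net and the 198.51.100.0/24 range are reserved for documentation) and flags anchors whose displayed domain differs from the destination host, plus anchors whose destination is a bare IP address.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body in the style of a refund lure.
# All domains and addresses are invented for this example.
SAMPLE_EMAIL_HTML = """
<p>Your refund is ready. Review it at
<a href="http://irs-refund-center.example.net/login">https://www.irs.gov/refunds</a>
or read the latest <a href="https://www.irs.gov/newsroom">newsroom</a> items.</p>
<p>Questions? <a href="http://198.51.100.7/verify">Verify your account</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links


# Something that looks like a hostname in the visible link text, with an
# optional scheme in front of it (e.g. "https://www.irs.gov/refunds").
DISPLAYED_DOMAIN_RE = re.compile(r"(?:https?://)?([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,})")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def displayed_host(text):
    """Host the reader is shown, or None if the text is just words."""
    match = DISPLAYED_DOMAIN_RE.search(text)
    return match.group(1).lower() if match else None


def actual_host(href):
    """Host the browser would really connect to."""
    return (urlparse(href).hostname or "").lower()


def find_suspicious_links(html):
    """Return one finding per anchor that misrepresents or obscures its destination."""
    findings = []
    for href, text in extract_links(html):
        shown = displayed_host(text)
        real = actual_host(href)
        if shown and shown != real:
            findings.append({"href": href, "text": text,
                             "reason": f"displayed host {shown} differs from destination {real}"})
        elif IPV4_RE.fullmatch(real):
            findings.append({"href": href, "text": text,
                             "reason": "destination is a bare IP address"})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"{finding['reason']}: text={finding['text']!r} href={finding['href']}")
```

The check deliberately only compares a displayed domain against the real host; an anchor whose text is plain words (“newsroom”) is not flagged, because there is nothing for it to contradict. A lookalike such as a typo domain in the text that also matches the href would pass this test, so it complements, rather than replaces, user awareness and URL reputation filtering.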

Understand how the IRS communicates electronically with taxpayers

  • The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.
  • This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
  • The official website of the IRS is

Take action to avoid becoming a victim

If you believe you might have revealed sensitive information about your organization or access credentials, report it to the appropriate contacts within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

Watch for any unexplainable charges to your financial accounts. If you believe your accounts may be compromised, contact your financial institution immediately and close those accounts.

If you believe you might have revealed sensitive account information, immediately change the passwords you might have revealed. If you used the same password for multiple accounts, make sure to change the password for each account and do not use that password in the future.

Report suspicious phishing communications

  • Email: If you receive an email claiming to be from the IRS, do not reply or click on attachments and/or links. Forward the email as-is to [email protected], then delete the original email.
  • Website: If you find a website that claims to be the IRS and suspect it is fraudulent, send the URL of the suspicious site to [email protected] with the subject line “Suspicious website”.
  • Text Message: If you receive a suspicious text message, do not reply or click on attachments and/or links. Forward the text as-is to 202-552-1226 (standard text rates apply), and then delete the original message. If you clicked on links in the SMS and entered confidential information, visit the IRS’ identity protection page.

If you are a victim of any of the above scams involving IRS impersonation, please report it to [email protected] and file a report with the Treasury Inspector General for Tax Administration (TIGTA), the Federal Trade Commission (FTC), and the police.

Are you really prepared?

Scammers, phishers and hackers can access your organization’s sensitive data in a variety of ways, during and apart from tax season. How do you know if your cyber security efforts are enough to protect your data and intellectual property? How does your organization stack up against others in the industry? Find out by participating in our 3rd Edition IT Resiliency Planning Assessment Study.

What are the current trends in IT Resiliency Planning and how are the most mature programs achieving success? This study compiles information from IT professionals around the globe and facilitates data-driven crisis management.

The Firestorm Analytical Solutions IT Resiliency Planning Assessment Study is used to assess how organizations are approaching their IT/DR/Resiliency programs. The study is now open for participation and will close May 25, 2018.

Who should participate?

• Participants must be responsible for contingency/resiliency planning.
• The study accommodates roles from planner through global manager.
• The study does not accommodate professionals who provide consulting services.

Why participate?

• Study participants will receive a complimentary copy of the study findings.
• Study questions and the assessment of data are completed by an International Benchmarking Advisory Board.
• The response is immense, driven by the value the results provide.
• The scope is world-wide, due to extensive contacts and partnerships.
• The company is an independent, neutral party and completely confidential: individual contact and company information is never shared outside of Firestorm.
