Gird your coins: A phishing tsunami is smashing into America

Don't let crooks plunder your paycheck … that's our job, says IRS

18 Reg comments Got Tips?

The US Internal Revenue Service (IRS) has put Americans on red alert following a massive increase in reports of phishing and malware attacks targeting taxpayers.

The US tax authority said in an advisory that so far this year, reports of email and SMS-based scams were up 400 per cent and can be expected to continue in the build-up to April's tax-filing deadline.

"This dramatic jump in these scams comes at the busiest time of tax season," IRS Commissioner John Koskinen said in the alert.

"Watch out for fraudsters slipping these official-looking emails into inboxes, trying to confuse people at the very time they work on their taxes. We urge people not to click on these emails."

So far this year, the IRS says it has collected 1,389 reports. That is more than 2014's full year total of 1,361 and more than half of 2015's record haul of 2,748.

The IRS said that the emails and text messages often masquerade as official notices from the agency as well as third-party tax preparers. Targets are often asked to provide personal information or tax return details.

Those details are often harvested by the scammers and used to file fraudulent document requests and refund claims, which are then siphoned off by the criminals.

The FBI notes that it does not generally initiate communication with taxpayers via unsolicited emails, and official documents and notices are still sent via snail mail.

Members of the public are not the only ones being targeted this year. The IRS says that it is also seeing an increase in spear phishing attacks targeting the tax preparers themselves. Those attacks look to trick tax agents into handing over their Preparer Tax Information Number (PTIN) and credentials that could be used by an attacker to get into the IRS filing system.

The agency is warning taxpayers and preparers to be wary of any unsolicited emails asking for personal information or account credentials, and to avoid clicking on any links included with unsolicited or otherwise suspicious emails and text messages. ®


Biting the hand that feeds IT © 1998–2020