Search This Blog

Showing posts with label Tax refunds. Show all posts

IRS Warned of an Ongoing IRS-Impersonation Scam

 

The Internal Revenue Service (IRS) has cautioned of ongoing phishing assaults impersonating the IRS and targeting educational establishments. The assaults focus around colleges staff and understudies with .edu email addresses and use tax refund payments as snare to lure clueless victims. The IRS said the phishing emails “appear to target university and college students from both public and private, profit and non-profit institutions.” 

It added that the suspect emails show the IRS logo and utilize different headlines, for example, "Tax Refund Payment" or "Recalculation of your tax refund payment." Clicking on a link takes victims to a phony site that requests individuals to submit a form to claim their refund. 

Abnormal Security researchers who detected these assaults in the wild, recently said that they circumvent Office 365 security and landed in the mailboxes of between 5,000 and 50,000 targets. "This impersonation is especially convincing as the attacker's landing page is identical to the IRS website including the popup alert that states' THIS US GOVERNMENT SYSTEM IS FOR AUTHORIZED USE ONLY', a statement that also appears on the legitimate IRS website," Abnormal Security revealed. 

 The phishing site requests taxpayers to provide their: 

• Social Security number
• First Name 
• Last Name 
• Date of Birth 
• Prior Year Annual Gross Income (AGI)
• Driver's License Number
• Current Address 
• City
• State/U.S. Territory 
• ZIP Code/Postal Code
• Electronic Filing PIN

Hank Schless, Senior Manager, Security Solutions at Lookout, says, "At this time of year, attackers will pose as members of the IRS to socially engineer employees into sharing sensitive tax-related information such as social security numbers or bank account information." 

Schless adds, “Security teams should be protecting employees across all endpoints to ensure they don’t fall victim to a phishing attack or download a malicious attachment that compromises the organization’s entire security posture. These scams are most effective on mobile devices, and attackers know that and are creating phishing campaigns like this to take advantage of the mobile interface that makes it hard to spot a malicious message. People access their work email on a smartphone or tablet just as much as they do on a computer. Any text, email, WhatsApp message, or communication that creates a time-sensitive situation should be a red flag. Employees should approach these messages with extreme caution or go straight to their IT and security teams to validate it.”

Focus on HMRC as Many Targeted Through an Email Phishing Campaign




A new phishing attack discovered by Malwarebytes is said to be from under a new campaign, utilizing an old trick with an end goal to steal login credentials, payment details and other sensitive data from victims by claiming to offer them a tax refund which must be asserted online.

The mail claims to be from the UK government's tax office, HMRC, informing the potential user victims that they're due a tax refund of £542.94 "directly" onto their credit card. The attackers apparently snare the users by offering tax refunds. In order to pressure the users they additionally give due dates in their mails to claim said refunds.

The phishing email claiming to be from HMRC.

Apparently, the scam begins by requesting for the user to tap on an offered link to the "gateway portal" and thusly, they reach another page that seems like Microsoft Outlook. Here, the user will enter their email and password to the login portal. Starting here, the attackers access the email login credentials.

Thereafter, the client reaches a fake HMRC portal that displays a form. A deceived user would unknowingly handover their passwords and email, in this way falling a prey to the hackers. Further they enter more personal information such as, users' name, contact address, contact number, date of birth, a typical secret question for most records and card details.

So to say, Tax scams have become a rather basic methods for cyber criminals endeavoring to blackmail data or cash from victims as when people get enticed by the possibility of receiving money, they frequently bring down their safeguards - even by low-level attacks like this phishing trick: HMRC states it will never offer a reimbursement or request personal data by means of an email.

Chris Boyd, lead malware intelligence analyst at Malwarebytes says,

“These attacks can afford to be crude, as the main pressure point is the temptation of an easy cash windfall tied to a tight deadline. Not knowing that HMRC don't issue refund notifications in this manner would also contribute to people submitting details,"

In any case it is prescribed to remain shielded from such attacks, and ensuring that the user in every case double checks the sender's address before opening emails, in this way abstaining from following direct links and signing in to a site specifically.