GREEN Card holders, small business owners, new taxpayers under the age of 25, and older taxpayers over 60 were prime targets for tax refund scams, according to cybersecurity company Fortinet.
The company’s Global Security strategist and researcher, Aamir Lakhani, said cybercriminals assumed that these people might be less informed about tax policies and what to expect, so they may be more vulnerable to emotional manipulation.
“For example, the scammer may claim that the potential victim has missed an important tax deadline and pressure the victim to act quickly,” Lakhani said.
According to Fortinet, tax-return time was open season for cybercrime, and it was likely to be worse this year because so many people were still working from home on various devices connected to unsecured networks. It said that although cybercriminals used other sophisticated tactics to steal information, social engineering scams were low-hanging fruit, especially during tax season.
Lakhani said cybercriminals were out in force, eager to prey on the stress and uncertainty surrounding tax season. Attacks might take the form of phishing email campaigns or phone calls from people claiming to be from the collection agency. To appear legitimate, scammers might use stolen data with personal information.
Cybercriminals use a “spray and pray” model for phishing campaigns. They send thousands of emails, hoping that at least one person will fall victim to the attack. Spear-phishing attacks are a targeted form of phishing that can be more difficult to detect because the emails are personalised to appear as if they were sent by someone the recipient knows.
In the past, spear phishing was challenging to implement, but now some advanced cybercriminals use machine learning and artificial intelligence to execute these attacks more efficiently.
The company said knowing what was normal communication from the tax collector was critical, particularly during tax season. It said that if one encountered an IRS-related phone or email scam, you could report it.
Lakhani said although tax-return season could be stressful, knowing the signs of a social engineering attack could keep one from becoming a victim.
He said by learning how the tax collectors contacted individuals, what constitutes a legitimate message, and what information should be provided, one could stay ahead of cybercriminals and keep their data out of their hands.
The company also warned taxpayers to look for grammatical issues and typos as often phishing emails contained errors that were easy to spot. If a message includes several spelling or grammar errors, odds were good that it is not legitimate.
It said they should be sceptical and always consider any unexpected emails or phone calls claiming to be from the revenue collector or other governmental agencies to be suspect. It said that if one was concerned about the legitimacy of a sender or caller, they should not give the person any information and instead, contact the collector or governmental agency directly to verify the caller's identity.
People were also warned not to share personal information like credit card information over the phone or via email. Scammers may pressure one to do so and try to convince them that something terrible will happen if they do not act immediately. They were advised to hang up or delete the email.
Family and friends should also be warned about such vulnerable attacks. This can be done by sharing cybersecurity information with others and encouraging them to get educated.
BUSINESS REPORT ONLINE