Watch out, IRS Tax Fraud activities on the rise

Pierluigi Paganini March 28, 2016

Security experts and government agencies confirm that IRS Tax Fraud And Phishing campaigns are increasing thanks to new techniques and tools.

Internal Revenue Service tax fraud has reached a peak in the last year, crooks are intensifying their activity adopting new techniques to monetize their efforts.

According to security experts that are monitoring the phenomena, Tax-related phishing activities are increasing in this period.

This is a critical period in the US, the so-called Tax season, that will end on April 18th. In February, an IRS bulletin confirmed that there is a 400 percent surge in tax-related phishing and malware incidents.

“Tax-related phishing is something of an annual phenomenon, but Proofpoint researchers are seeing a degree of sophistication and pervasiveness that sets this year apart,” states a report  published by the Proofpoint firm that analyzes tax fraud trends.

Crooks are trying to exploit new habits of taxpayers, for example their preference for mobile platforms. Security experts observed a mobile-optimized phishing site that appears as a legitimate tax application and that targets mobile users.Proofpoint confirmed to have discovered a number of phishing sites hosted on major providers which were shut down by the ISPs after their discovery.Tax-related frauds are considering an emergency for law enforcement, hundreds of thousands of users are potentially at risk.

Recently, IRS services were abused by cyber criminals to target taxpayers, in May 2015 the Internal Revenue Service suffered a data breach. Hackers “used an online service provided by the agency” to access data for more than 100,000 taxpayers. The IRS issued an official statement on the incident and specified that the compromised system was “Get Transcript.” The Transcript service could be used by taxpayers to get a transcript online or by mail to view their tax account transactions.

In August 2015, the Internal Revenue Service disclosed a new review of its system, revealing that 334,000 taxpayers (more than three times it initially estimated) may be affected by the hack it announced in May.

In February the IRS detected roughly unauthorized attempts using 464,000 unique SSNs, and 101,000 attempts allowed crooks in generating PINs.

The U.S. Internal Revenue Service confirmed that cyber criminals abused the Electronic Filing PIN application running on that allows taxpayers to generate a PIN that they can use to file tax returns online.

Last figures available on the ‘Get Transcript’ hack revealed that 700,000 taxpayers were affected by the data breach, the government experts observed 47 million tax transcripts requested under false pretenses, a worrying phenomenon.

This year, security firms and government agencies are observing some new worrying attacks targeting businesses with W-2 phishing campaigns. W-2 information could be used by fraudsters to file victim’s taxes and request refunds in their name.

The crooks are also trying to monetize tax-related voice-phishing in order to obtain information to use in the fraudulent activities.

The experts are observing an increased interest in criminal ecosystem for stolen information that could be exploited in tax refund fraud. This precious commodity is becoming popular also in the principal black markets in the dark web.

Attackers are using this information to abuse of the IRS’ electronic filing PIN verification system and file a fake return under on the victim’s behalf and requesting the payment through a fraudulent bank account. The FBI confirmed a significant increase of the Stolen Identity Refund Fraud (SIRF), victims of this kind of crimes are specific categories of individuals like homeless and prisoners.

“SIRF is relatively easy to commit and extremely lucrative for criminal actors. While all U.S. taxpayers are susceptible to SIRF, over the past year, criminal actors have targeted specific portions of the population, including: temporary visa holders, the homeless, prisoners, the deceased, low-income individuals, children, senior citizens, and military personnel deployed overseas.” states the FBI.

Another worrying trend observed by ProofPoint is the availability of tax phishing kits that have reached a high level of quality.

These kits are available for sale in the principal black market places and implements a number of features that allows crooks to avoid detection.

“Sophisticated phishing kits custom-made for tax season dramatically boost threat actors across the spectrum to go after the taxpayers. Whether optimized for mobile (in the case of the fake tax preparation software) or “hiding in plain sight,” these kits are powerful tools for cyber criminals. We even observed a kit correctly using SSL, leveraging the secure form-delivery capabilities of the particular service provider they used. Correctly signed certificates make the phishing sites harder to detect for end users, web browsers, and security providers, giving attackers a leg up during tax season—even with commodity kits.”  states ProofPoint.

IRS tax fraud phishing kit

Taxpayers have to be careful, cyber criminals will do every thing to steal their money.


[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – IRS, Tax Fraud)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment