14 DAY TRIAL // The US Internal Revenue Service (IRS) has issued a public advisory, warning US citizens of an avalanche of tax-related malicious emails that are looking to harvest personal user information through phishing campaigns or to spread malware via malicious attachments.
According to the IRS, the situation is quite bad and only in the month of January 2015, the agency received 1,026 reports of tax-related malicious emails, a 400% increase compared to last year when the IRS received only 254 reports of the same type.
The IRS is seeing record-breaking numbers
Barely reaching the middle of the tax season, the trend set in January continued in the first 16 days of February, IRS officials saying they've received 363 reports, compared to the 201 recorded in the entire month of February 2015.
In total, until the middle of February 2016, the IRS says it received 1,389 complaints of tax-themed phishing and malware reports, a number that's unbelievably high for US officials.
The number is so large that it already surpassed 2014's total of 1,361 incidents, and is almost halfway through 2015's total of 2,748. If complaints continue to come at the same rate, the IRS would be collecting more than 11,100 tax-related phishing and malware reports by the end of 2016.
Tax returns are a lucrative business
The purpose of all these phishing emails is to obtain personal and financial user details which can then be used to file for illicit tax returns, or even worse, use in fraudulent transactions.
With so many US citizens preoccupied with doing their taxes, this is the perfect time of year for cybercriminals to launch tax-themed emails. Right now, the majority of Americans have their guard down, being engaged in tax-related conversations with their accountants, lawyers, firms, or even IRS officials.
This gives attackers the perfect cover to launch IRS-themed phishing campaigns that lead users to fake IRS portals where attackers collect their personal info. Additionally, attackers are also using tax-themed emails to deliver file attachments that are actually laced with dangerous malware, ranging from ransomware to banking trojans.
“Phishing emails are designed to create a sense of urgency”
"Phishing email scams are designed to do one thing, fool humans into giving up information that can be used to commit some kind of crime, ranging in everything from data theft to systems compromise to extortion to identity theft," Aaron Higbee, CTO and cofounder of PhishMe told Softpedia.
"Using themes around seasons, such as tax time, often result in heightened levels of success, as recipients are more apt to respond to messages that create a sense of urgency."
"Consumers and employees receive some degree of protection against phishing campaigns via spam filters and other technology layers that are supposed to detect scams before they reach inboxes," Mr. Higbee also explained. "History shows however, that cybercriminals work faster than technology layers, that sooner or later a malicious email will slip through the automation cracks and that a human will be faced with having to determine whether or not they are being targeted in an attack or scheme."
"Consumers and employees need access to conditioning that will allow them to spot and report malicious emails before they result in catastrophe. The security industry can’t continue to assume that additional technology layers are the answer," Mr. Higbee also added, highlighting the crucial role phishing training plays in today's security landscape.
Besides malvertising, phishing campaigns remain the most dangerous threats Internet users face today.
Just last week, Softpedia reported on an automated attack against the IRS' tax filing Web page, when attackers tried to obtain E-filing PINs for over 464,000 Americans, in the hopes of claiming illegal tax returns.