14 DAY TRIAL // A massive surge of more than 60% in the number of phishing attacks was observed by the U.S. Internal Revenue Service (IRS) during 2018.
According to the IRS, the scammers targeted taxpayers using wide-spread phishing scams to get their hands on their money and tax data, with successful attacks allowing the crooks to steal a user's tax refunds.
“The holidays and tax season present great opportunities for scam artists to try stealing valuable information through fake emails,” said IRS Commissioner Chuck Rettig.
“Watch your inbox for these sophisticated schemes that try to fool you into thinking they’re from the IRS or our partners in the tax community. Taking a few simple steps can protect yourself during the holiday season and at tax time,” Rettig added.
Between December 3 and 7, during the “National Tax Security Awareness Week,” the IRS issued a number of reminders to both tax professionals and taxpayers with phishing scams and the increase of this type of attacks being the top subject.
While the number of phishing attacks saw a decreasing trend during 2015, 2016, and 2017, the IRS observed an increase of 800 reported phishing scam incidents throughout 2018, with a surge from 1,200 such events in 2017 up to roughly 2,000 from January to October.
Links to malicious websites and malware-ridden attachments are the daily bread of phishing scammers
"One recent malware campaign used a variety of subjects like “IRS Important Notice,” “IRS Taxpayer Notice” and other variations," also stated the IRS. "The phishing emails, which use varying language, demands a payment or threatens to seize the recipient’s tax refund."
Even though cybercriminals have been observed using highly sophisticated malicious attacks while attempting to scam people into giving away their "money, bank account information, passwords, credit cards or Social Security numbers," a large percentage of all victims have handed over their info without being coerced according to the IRS.
This happens because of scammers being able to successfully use information collected from online sources to pose as either a trustworthy organization or individuals that their victims trust.
To mitigate email phishing attacks, users have to be very careful not to click mail hyperlinks and instead go directly to the website, as well as never open email attachments unless they have confirmation from the source that the file is legitimate.