Taxpayers and tax professionals are being targeted by scammers posing as the Internal Revenue Service (IRS). The goal of this new IRS tax return phishing scam is to deliver information-stealing malware. The malware harvests credentials that are used to gain access to and empty financial accounts.
The campaign uses at least two subject lines for the emails – “Electronic Tax Return Reminder” and “Automatic Income Tax Reminder.” The emails contain a hyperlink that directs the user to a website that closely resembles the IRS.gov website. The emails also include a one-time password that the recipient is told to use to log in and submit a claim for a tax refund.
When the user logs in to the site, they are told that they need to download a file in order to submit their refund. The file is actually keylogging malware, which records keystrokes on an infected computer and sends a range of sensitive information to the attackers.
The IRS warning was issued after several taxpayers and tax professionals reported the phishing emails to the IRS. Efforts are ongoing to disrupt the campaign, but the IRS notes that dozens of compromised websites and malicious URLs are being used by the scammers. The IRS is contacting hosting companies to get the websites shut down, but the number of URLs being used makes this a major challenge. As soon as one URL is shut down, there are others to take its place.
The offer of a tax refund or a threat of legal action over tax issues prompts many people to click without first assessing the content of the message and the legitimacy of the request, which is what the scammers are banking on.
The advice of the IRS is never to click on any link in an unsolicited email claiming to be from the IRS. The IRS does not initiate contact with taxpayers by email, text message or social media channels, and no requests are sent for personal information.
The latest warning comes just a couple of months after the IRS and Security Summit partners issued a reminder that all professional tax preparers are required by law – The FTC Safeguards Rule – to implement a written information security plan to ensure the tax information of their clients is properly protected.
The reminder was issued as it had become clear that many tax professionals were unaware of their obligations to implement a security plan to protect client tax data.
There are several required elements of the information security plan:
- Designate an employee or employees to coordinate the information security plan
- Conduct a risk analysis to identify risks to the confidentiality of client data
- Assess the effectiveness of current safeguards
- Implement, monitor, and test the safeguards program
- Only use service providers that can maintain appropriate safeguards and oversee the handling of client data
- Evaluate and update the security program, as appropriate, in response to changes to business practices and operations
The requirements for the information security plan are flexible. For instance, tax preparers can choose the safeguards to implement based on their own circumstances and the findings of their risk analyses.
Two important safeguards that protect businesses from phishing and malware attacks are a spam filter and a web filter. The spam filter protects the email system by identifying and blocking malicious messages such as phishing emails and malspam (malicious spam email), while a web filter blocks web-based attacks and malware downloads. Both of these solutions are highly effective at blocking phishing and malware attacks yet are cheap to implement.
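As an added illustration of the kind of rule a spam filter applies to the campaign described above (example code written for this page, not IRS or TitanHQ code): it parses a message, checks for the reported subject lines, checks a sender claiming to be the IRS against the irs.gov domain, and flags links whose hostname imitates irs.gov. The sample message and the refund-portal.example domains are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Subject lines reported in the IRS warning quoted above.
CAMPAIGN_SUBJECTS = {"electronic tax return reminder", "automatic income tax reminder"}
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample message; the refund-portal.example domains are made up.
SAMPLE_PHISH = """From: "IRS Refunds" <refunds@irs-refund-portal.example>
Subject: Electronic Tax Return Reminder
Content-Type: text/html

<p>Your one-time password is 482913.</p>
<p><a href="http://irs.gov.refund-portal.example/login">Log in to IRS.gov</a></p>
"""

def is_irs_host(host):
    """True only for irs.gov itself or a genuine subdomain of it."""
    return host == "irs.gov" or host.endswith(".irs.gov")

def lookalike_links(html):
    """Hrefs whose hostname mentions 'irs' but is not under irs.gov, catching
    tricks like irs.gov.refund-portal.example where irs.gov is just a label."""
    hits = []
    for href in HREF_RE.findall(html):
        host = (urlparse(href).hostname or "").lower()
        if host and "irs" in host and not is_irs_host(host):
            hits.append(href)
    return hits

def score_message(raw):
    """Return the reasons a raw message matches the campaign; empty list means clean."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if (msg["subject"] or "").strip().lower() in CAMPAIGN_SUBJECTS:
        reasons.append("subject matches reported campaign")
    name, addr = parseaddr(str(msg["from"] or ""))
    sender_host = addr.rsplit("@", 1)[-1].lower()
    if "irs" in name.lower() and not is_irs_host(sender_host):
        reasons.append(f"claims to be IRS but sent from {sender_host}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    links = lookalike_links(text)
    if links:
        reasons.append("IRS lookalike link: " + ", ".join(links))
    if links and re.search(r"one[- ]time password|\bOTP\b", text, re.IGNORECASE):
        reasons.append("one-time password supplied for an off-domain login")
    return reasons
```

Running `score_message(SAMPLE_PHISH)` returns four reasons for the constructed message, while a plain message with no IRS claim or lookalike link returns an empty list.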
To find out more about how spam filters and web filters can protect your business and help you meet your legal responsibilities contact TitanHQ today.