Tax season is upon us and that means the bad guys will be getting very busy over the next few months. Tax season is historically a golden opportunity for malicious actors to scam victims out of their tax refunds as well as their very identities. Two known scams are below.
Spoofed IRS Form W-8BEN-E
We’ve already seen the first scam, which sees the bad guys impersonating the IRS through a malicious phishing email. This email, which purports to be from the IRS, directs unwitting victims to fill out a spoofed IRS Form W-8BEN-E in order to claim a tax refund.
Don’t fall for it. Anyone filling out and returning that fraudulent form will be giving up everything the bad guys need to know to steal your identity, claim your actual tax refund from the IRS, and drain your bank accounts.
Always be suspicious of email claiming to be from the IRS. It’s also smart to familiarize yourself with the range of tax season scams that could be directed at you and your co-workers. (Copy and paste this link into your browser for more information: https://www.irs.gov/uac/tax-scams-consumer-alerts)
This is what a real W-8BEN-E form should look like:
IRS Issues Warning On New Tax Phishing Attack
ALERT: Tax season scams are starting early this year and the bad guys are getting smarter by the month. The current scam works in two steps so watch out for possibly bogus emails for your tax information.
STEP 1: Cybercriminals are sending emails, posing as potential clients, and interested in services from tax professionals. The tax preparer responds, and the bad guys send a second email with a malicious attachment. The tax preparer falls for this social engineering attack and that compromises the machine and now the bad guys “own” the tax preparer’s computer.
STEP 2: The bad guys now use the tax pro’s computer to send out legit looking emails to all the tax pro’ clients and get their financial records sent over to their own email address, so they can quickly file a fake tax return and pocket the money, using the illegally obtained information.
So, when you get any email about your taxes, or your W2 from literally anybody, whether you know them or not, pick up the phone and verify with your known, trusted tax preparer that they actually sent you that email. If you send tax information via email, triple-check that the email address you are sending this to is correct and type it in
yourself in the “To” field.
NEVER click on “reply” and attach your tax information, because that reply email address might be spoofed. Want to be 100% safe? Hand-carry your tax info to your preparer and do the tax return in person with them.
Copy/Paste this address into your browser for the IRS site, with more tax scams you need to watch out for:
Copy/Paste this address into your browser for what to do to get your money back if your tax refund already *has* been stolen:
Let’s stay safe out there.
Think Before You Click!