Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Fraudsters Build Up Phishing Repertoire for 2021 Tax Season.
#1
https://hotforsecurity.bitdefender.com/b...25255.html   
Alina Bizga
Alerts • Digital Privacy
Fraudsters Build Up Phishing Repertoire for 2021 Tax Season. Are You Ready?
5 days ago
4 Min Read
As millions of US taxpayers prepare for 2021 tax season, hordes of fraudsters and scammers are preparing to rip off residents and non-residents alike.

Fraudsters had an early start anticipating the buzz surrounding tax filing season, with phishing campaigns impersonating the government agency as early as November 25, 2020, according to Bitdefender Antispam Lab.

Spikes in IRS-related phishing scams were noticed January 19 and 21 when most the incoming agency-related correspondence was marked as spam.

This warm-up was no coincidence, since the 2020 fiscal year raked in $2.3 billion in tax fraud, according to the agency’s annual report.

Identity thieves used stolen Social Security numbers and other personally identifiable information (PII) to file early tax returns in the name of legitimate taxpayers, or used petty scare tactics to frighten recipients into making immediate payments to avoid arrest or deportation.

Know the digital you to protect the real you with Bitdefender’s Digital Identity Protection tool.

Identity thieves use fake W-8BEN Forms to targets non-residents once again

Fraudsters are targeting non-residents in the US using a fake version of the W-8BEN Form (Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding and Reporting) to steal sensitive data.

This version of the scam has been spotted over 80,000 times since November 25, 2020, with with more noticeable spikes expected to hit inboxes up until the April 15 deadline.

Unlike traditional phishing, which requires recipients to access a spoofed website or download a malicious attachment, scammers have set up a fake fax number where recipients must forward their information. You don’t access a malicious attachment or link. The fake version will tell you to provide particular information not included in the legitimate W-8BEN US tax exemption document, such as your passport number, profession, mother’s maiden name, bank account name and number and investments.

Fake version of the W-8BEN form

The genuine format of the tax exemption document looks like this:

Original W-8BEN form version

shows that it also targets US citizens, who are also asked to return it alongside a copy of their passport within 7 working days.

“If you are a USA Citizen and resident, this W-8BEN Form is not mean for you, please indicate USA Citizen/Resident on the form and return it to us,” the email reads. “We shall then send you a form W9095.” The W9095 form referred to in the body of the email does not exist. It’s merely used to deceive unsuspecting taxpayers.

IRS phishing email sample

Other IRS impersonation scams

Fraudsters have also recycled older versions of IRS impersonation scams by leveraging the Economic Impact Payments as part ofThe Coronavirus Aid, Relief, and Economic Security (CARES) Act.

In one version, targets are sent an email notifying them they are eligible for a second Economic Impact Payment and asked to submit their deposit details. The email also includes an attachment, claiming to outline the necessary steps and information for taxpayers. Once accessed, it will infect the recipient’s device with credential-stealing malware.

IRS coronavirus tax relief scam

A separate phishing email impersonating acting IRS Commissioner Charles P. Rettig attempts to dupe recipients into paying a one-time fee to receive over $10 million in funding.

IRS Commissioner Impersonation scam

How to spot and protect against IRS impersonation scams

Despite multiple IRS awareness campaigns run by the IRS, fraudsters and identity thieves continue to scam taxpayers across the country. You can easily check the validity of IRS-related correspondence by keeping in mind that:

    The IRS will not ask you for down payments or fees to receive your refunds early
    The agency will not contact you via electronic mail, text messages or social media to request your personal or financial information
    IRS agents will not seek out citizens and bully them into paying for expedited tax returns

On top of a dedicated security solution that can protect you against phishing and malware attacks, good cyber hygiene is key to avoid becoming another identity theft statistic this year:

    Don’t respond to unsolicited correspondence posing as legitimate IRS notifications
    Never provide banking information, PIN codes or passwords
    Check the email for spelling and grammar mistakes
    Do not open attachments or click on embedded links
    When in doubt, visit the IRS official website for additional information
    Report any suspicious activity via the dedicated IRS Scam reporting tool
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Fraudsters Using Telegram API to Harvest Credentials Bjyda 0 1,045 02-23-2021 , 11:25 PM
Last Post: Bjyda
  HTTPS Phishing Page | Apple.com | Phishing Scam baziroll 0 2,737 04-21-2017 , 01:20 PM
Last Post: baziroll



Users browsing this thread: 1 Guest(s)