It’s here again — tax season.
The 2021 tax filing season began February 12, and Americans across the country are filling out paperwork, meeting with their accountants and getting their finances in order before the August 15 deadline.
Complicating an already confusing filing process is the fact that this time of year brings about an abundance of online tax scams. Cybercriminals take advantage of the stress that comes with tax season through sometimes sophisticated phishing scams that can seem like they are either coming from real accountants or IRS officials.
Targeting tax accountants
Last year, TechRepublic reported that hackers were particularly focused on getting people’s sensitive information from tax-related websites, sending malware to accountants.
“If you have the word ‘tax’ in your domain name, you’re a target,” Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, told the security website. “And while the tax-themed email attacks hit businesses in all sectors, we also saw financial firms and construction industries targeted disproportionately.”
DeGrippo added that this isn’t a new phenomenon — everyday Americans have long been the target of phishing emails sent during tax season. Oftentimes, corrupted files and malicious links are included in fake emails that feature realistic company headers and titles. These cybercriminals also find methods to corrupt websites that accounting firms regularly use by way of malicious HTML code hacks.
A new threat this year
This year, a new threat comes in the form of scam emails that impersonate the IRS in an attempt to steal Electronic Filing Identification Numbers (EEFINs), according to Security Magazine.
“Phishing scams are the most common tool used by identity thieves to trick tax professionals into disclosing sensitive information, and we often see increased activity during filing season,” IRS Commissioner Chuck Rettig told the magazine. “Tax professionals must remain vigilant. The scammers are very active and very creative.”
This new scam involves fake emails from “IRS Tax E-Filing” containing subject lines like “Verifying your EEFIN before e-filing.” If you are an accountant receiving this or a taxpayer filing your own taxes, do not follow any of the instructions contained in this kind of email.
How to keep your personal tax information safe
An important rule of thumb with any phishing scam is to not release any personal information to an individual or an organization you are unfamiliar with. Of course, this can be easier said than done. If you’re overwhelmed by an already confusing tax filing process, a realistic, authoritative-sounding email from “the IRS” can easily mislead.
The reason why these cyberattacks are particularly dangerous is that once a criminal gets ahold of your tax information, they can access your personal and financial information, including banking accounts and credit cards.
Make sure you only open links and attachments from trusted, vetted sources. Never share your personal banking information or social security number with a strange organization or individual you don’t recognize. Stay vigilant and safe this tax season.