Last Days to File Taxes – Beware of Cybercrime


Thought Leadership

Last Days to File Taxes – Beware of Cybercrime

Fred Touchette

When W2’s started arriving earlier in the year, we saw an increase in the amount of tax-related spam attempting to phish users for sensitive data or infect their PC’s outright.  It’s no surprise then that 2015 has been quite a busy year for tax scams of all sorts.

Early in the year, Intuit (the company that owns the very popular tax software/service Turbo Tax) announced that it was shutting down state tax filing capabilities due to a recent rash of “suspicious” filings. The news came at a time when millions of US citizens were filing federal and state tax returns that resulted in a partial service outage (albeit temporary) for the most used online tax prep software provider in the US. The shutdown came on the heels of Minnesota deciding to stop accepting filings from Turbo Tax due to potential fraudulent activity. A full investigation is still pending but Intuit’s initial response was that the false filings were not a result of a breach of their internal network but rather occurred by some other means.  It stands to reason that the perpetrators may have utilized username/password combos stolen in any of the multitude of recent breaches that were being shared across multiple accounts. Or perhaps they were harvested through one of the many tax-themed phishing campaigns that we see hitting our spam filter on a daily basis.

We have seen hundreds of variants of tax-themed email campaigns attempting to dupe users in the first quarter of 2015. The majority of messages contain malware as an attachment or use a URL that leads to a malicious payload.

More and more users are filing their taxes electronically, and in the eyes of unsuspecting users, an email such as the one pictured below, may look legitimate.


This particular variant is quite simple and instructs the user to follow a link to view a message from the IRS regarding their tax documents. To the average user, these message look exactly like what a tax document email from the IRS should look like, the only problem is…the IRS “does not taxpayer communications through e-mail and won’t send a message about your tax account”. As is customary in these types of the messages the URL will lead to either a malware infection or a phishing landing page.

So, what can you do to stay safe this tax season?


Keep your Browser and Operating System up to date. Both receive frequent updates, many of which include fixes for vulnerabilities that could be used in an attack against an innocent taxpayer. Online fraudsters (a.k.a. “phishers”) will attempt to contact taxpayers via email. Please note: the IRS will never initiate contact with a taxpayer through email. The IRS will never ask you for PIN numbers or credit card information in an email.  Never click on a link, or an attachment, from an unsolicited email. You should never conduct unsecured transactions that include any account or password information over public hotspots including airports, hotels, libraries, restaurants, cafes, or other locations that offer free WiFi. Always and completely log out of sensitive sites. It is possible for an attacker to hijack a session that has been left open. Do not file online using the same computer that your kids do. A good portion of online scams and spam target today's younger generation of Internet users. Remain vigilant and try to use simple logic - if it seems too good to be true, and it is sitting in your inbox, delete it. Especially if it is from someone you did not initiate contact with. Before entering sensitive information into a website, look for the security padlock symbol. Create strong passwords; choose passwords that are complex and utilize a combination of upper and lower case letters, numbers and symbols. Limit Your Exposure Through E-mail and Web. It is perhaps online behavior that bears the most scrutiny. Mitigating the risk through the use of a reliable e-mail and Web filtering solutions are essential.