Threat Intelligence

    Be Aware: Tax Scam Season in the U.S. is Extended This Year

    Tax scams appear every spring—but the threats will persist longer this year because the U.S. filing deadline has been extended to July 15, 2020.

    by Samuel Greengard

    Key Points

    • Because tax filing deadlines have been pushed back this year due to the COVID-19 pandemic, scammers have an extended period to commit tax-related crimes online and through email.
    • Typical scams include identity fraud (such as filing fake returns to obtain a refund), email scams demanding tax payments or fees, and credential theft through phishing attempts.
    • Phishing awareness training and security technology can be used to help identify and prevent tax fraud attempts.

    Each year, malicious attackers launch email phishing scams and other cyber threats ahead of the annual tax filing deadlines, with the goal of committing fraud or identity theft. This year, with U.S. tax deadlines extended to July 15, 2020 due to the coronavirus pandemic, companies and individuals are likely to find themselves under assault longer—and in new and deceptive ways.

    According to the U.S. Secret Service, tax scams and other forms of identity fraud cost U.S. citizens at least $1.9 billion annually.[1] Common tactics include filing fake tax returns in order to obtain a refund, demanding a payment to stop legal action, and requesting a fee to speed a refund. However, this activity isn’t limited to the U.S. – attackers conduct tax scams in the UK and elsewhere, too.

    This year, criminals are also trying to prey on users’ financial concerns by sending fake emails appearing to be from the IRS and focusing on COVID-19 related financial stimulus checks or loans.[2] The coronavirus has spawned a broader surge in malicious activity: analysis by Mimecast found a 33.5% increase in impersonation attacks and a 35% increase in malware. As the U.S. Secret Service put it, “Tax season along with the latest COVID-19 scams provide an ideal environment for criminals to take advantage of law-abiding citizens.”[3]

    How Attackers Commit Tax-Related Cyber Crimes

    Cyber thieves typically use phone calls, voicemail, e-mail or text messages to commit fraud. Many use email phishing scams that rely on social engineering techniques to trick recipients into clicking links that install malware or steal data. They pose as the IRS, banks and other legitimate entities—and they often include authentic-looking logos. In fact, Mimecast identified 550+ suspicious websites impersonating the IRS. In some cases, they also pose as tax preparers.[4]

    For example, clicking on a link in a phishing email may result in an attempt to install malware that plucks sensitive data from the user’s system. Or it may take the victim to a fake official website that encourages users to enter personal information such as Social Security numbers, Tax ID numbers, and bank or credit information.[5]

    Here are some common methods cybercriminals use:

    • The sender promises to provide a tax refund or stimulus check more quickly for a small fee, or claims that he or she needs to verify personal information in order to issue a check.
    • A thief impersonates an IRS agent or claims to represent another federal agency and says that certain information is required to process a return or refund.
    • A phone caller claims that without an immediate tax payment you will be arrested and jailed.
    • A crook asks you to fill out a legitimate IRS form, but modifies the form to capture private data.
    • A criminal tries to get you to divulge sensitive information by claiming they are conducting a survey or posing as a tax preparer. This could lead to future tax fraud or help a crook grab information necessary to steal a refund.

    Indicators that Tax Fraud Has Already Occurred

    A variety of warning signs may suggest that criminals have already attempted or succeeded in filing a false tax return or stealing an individual’s identity. These include receiving messages from the IRS about tax returns or other documents you didn’t file, being unable to file a tax return due to a “duplicate” Social Security Number, and receiving unrequested tax transcripts or notices that an account has been opened or closed when you or your company didn’t initiate the action.[6]

    Identifying Fake Communications

    Here are some ways to identify fraud attempts in emails or phone calls, according to the IRS:[7]

    • IRS agents don’t call or text.
    • The agency doesn’t send threatening, prerecorded voicemail messages.
    • The IRS doesn’t demand any specific payment method, such as a debit card, wire transfer or gift card. In addition, check all phone numbers and addresses with the official IRS website before sending any payments.
    • The IRS doesn’t take credit or debit card payments by phone.
    • The IRS doesn’t use local police, immigration officers or other law enforcement agencies to arrest people for not paying debt.
    • It won’t revoke a state license, such as a driver’s license, or immigration status.

    Conduct Phishing Awareness Training

    Human error is a factor in 90% of breaches.[8] Though that’s a troubling statistic, it also means there’s an opportunity to significantly improve cyber security by providing phishing awareness training to all employees. Training can help employees spot typical indicators of malicious activity, such as misspellings or an inauthentic tone in messages. It also encourages employees to practice safe cyber behavior, such as hovering the cursor over a link to see whether the URL really belongs to the purported sender, and navigating directly to a website instead of clicking on a link.

    Instruct employees to report suspicious calls and e-mails. It’s a good idea to create a reporting tool for potentially dangerous calls, emails and other messages.

    Use Technology to Thwart Tax Scams

    A range of technologies can help to reduce the likelihood of tax scams and other fraud attempts.

    • Businesses should establish controls and secondary approval for all significant payments or transfers. Otherwise, a single unwitting employee could succumb to an illegitimate demand for unpaid taxes.
    • Employ multi-factor authentication (MFA), which can help thwart cyber criminals even if they have obtained a password through illegitimate means.
    • Use virtual private networks (VPNs) and other encryption tools to help protect data at rest and in motion.
    • Sophisticated threat protection tools can spot misspellings and block bad links before someone clicks on them. These services also whitelist and blacklist sites and senders. Malware scanners and antivirus software can spot many viruses and other infections.
    • Ensure that all enterprise and personal software is up to date and patched.
    • Consider using phone apps that screen calls and flash warning messages when a potentially dangerous call arrives. Check with your phone service provider about additional tools that detect and block nuisance calls.
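
    The "hover over the link" check from the training section, and the link screening that threat protection tools perform, can be sketched in a few lines. This is an added example, not Mimecast's or the IRS's code; the sample message, the `.example` hosts and the digit-substitution table are constructed assumptions, and irs.gov is used as the official domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED, BRAND = "irs.gov", "irs"  # official domain; brand token to look for
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
DIGIT_SWAPS = str.maketrans("150", "iso")  # 1rs -> irs, ir5 -> irs

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_links(html):
    """Return {href: [reasons]} for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = {}
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host or is_trusted(host):
            continue
        reasons = []
        shown = DOMAIN_RE.search(text)  # domain the reader sees in the text
        if shown and is_trusted(shown.group(0).lower()):
            reasons.append("text shows official domain, link goes elsewhere")
        if BRAND in re.split(r"[.-]", host.translate(DIGIT_SWAPS)):
            reasons.append("brand name in untrusted host")
        if reasons:
            findings[href] = reasons
    return findings

SAMPLE_EMAIL = (  # constructed sample body, not taken from a real message
    '<a href="https://www.irs.gov/coronavirus">IRS coronavirus relief</a>'
    '<a href="http://irs.gov.refund-status.example/v">https://www.irs.gov/refunds</a>'
    '<a href="https://1rs-payments.example/login">Verify your identity</a>')
```

    Calling `check_links(SAMPLE_EMAIL)` leaves the genuine irs.gov link alone and flags the other two, one for both reasons and one for the brand token only.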

    File a Tax Return as Early as Possible

    To minimize the chance of tax scams, businesses and individuals should file their taxes as soon as possible. This helps prevent criminals from filing a fraudulent return in your name.

    The Bottom Line

    A longer tax season and government stimulus checks have created a larger window of opportunity for crooks attempting to commit tax fraud and other cyber threats. Yet it’s possible to keep things in check—and keep your money safe—with a defensive posture and a focus on technology, processes and phishing awareness.


    [1] “Secret Service Issues Tax Season Alert,” United States Secret Service, Department of Homeland Security.

    [2] “Urging people to watch out for COVID-19, tax scams,” CBS19 News.

    [3] “Secret Service Issues Tax Season Alert,” United States Secret Service, Department of Homeland Security.

    [4] “4 common tax scams and how to protect yourself from falling victim to them,”

    [5] “Phishing and Online Scams,” Internal Revenue Service, U.S. Dept. of the Treasury.

    [6] “Secret Service Issues Tax Season Alert,” United States Secret Service, Department of Homeland Security.

    [7] “Avoid scams: Know the facts on how the IRS contacts taxpayers,” Internal Revenue Service.

    [8] “2017 Cost of Data Breach Study,” Ponemon Institute

