Aggressive scammers are targeting users by impersonating the U.S. Internal Revenue Service (IRS) in e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments.
One of the lures of social engineering scams is the use of fear. Cybercriminals will create an email profile to appear to be from a government agency to help strike fear into the victim. Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers. In fear of prosecution, the victim will write a check or submit payment to the cybercriminals and, unfortunately, learn when it’s too late that it was all a scam.
The IRS and other government agencies will not contact you to request payment through email. If they do, it is usually through certified mail.
To make this scam even more credible, it coincides with the IRS sending out real written demands for outstanding taxes. Tax reporting – and therefore tax payment – season was pushed back six months, with taxes due October 15th. That sets an “impending event” in place – pay up by November 15th. The scammers know this, just as CPAs know it.
The IRS is a fearsome beast to contend with, so the scammers get to leverage the trepidation that Americans feel when they receive an email that’s apparently from the IRS. By combining heightened emotions with a sense of urgency, the attackers created a powerful call to action. Not to mention that, since more people are most likely going to be behind on their taxes due to the pandemic, the scammers will have an even higher hit rate.
The emails themselves are ludicrous, of course, but unfortunately someone is going to fall for them.
It’s a good reminder to consumers that they should always be cautious when they receive an email asking for payment. Here are three simple questions to consider:
Ask yourself – is the sender really who they claim to be? Start by checking the domain name – it’s easy to miss a one-letter mismatch between the sender’s domain and the company domain.
Does the email contain suspicious content? Improper use of grammar or language, multiple spelling mistakes, or a strange layout are all red flags. Hover over any links in the email to see if the links are unusual. If so, don’t click on them!
What are they asking me to do? Always be suspicious anytime an email asks you to do something unexpected, such as provide payment info or confidential log-in credentials. Take a closer look at the sender’s address or content and you’ll usually catch the attack.
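The first question, the one-letter mismatch between the sender's domain and the real one, is easy to check mechanically. The sketch below is an added example, not part of the original article; the `TRUSTED_DOMAINS` list, the function names and the sample addresses in the comments are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains the recipient legitimately expects mail from.
TRUSTED_DOMAINS = {"irs.gov"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Classify the visible From address against TRUSTED_DOMAINS.

    Returns 'match', 'embedded:<domain>', 'lookalike:<domain>' or 'unknown'.
    """
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        # Exact domain or a genuine subdomain of it (mail.irs.gov).
        if domain == trusted or domain.endswith("." + trusted):
            return "match"
    for trusted in TRUSTED_DOMAINS:
        # Trusted name used as a prefix label of another domain,
        # e.g. the constructed "irs.gov.example".
        if domain.startswith(trusted + ".") or f".{trusted}." in domain:
            return f"embedded:{trusted}"
        # Near miss of a character or two, e.g. the constructed "irs.g0v".
        if edit_distance(domain, trusted) <= max_distance:
            return f"lookalike:{trusted}"
    return "unknown"
```

A `match` only means the visible address is consistent with the expected domain. The From header can be forged, so it does not prove the message is authentic.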