Security Expert Re: Scammers Impersonate IRS, Threaten Legal Action As Tax Payment Deadline Looms

Aggressive scammers are targeting users by impersonating the U.S. Internal Revenue Service (IRS) in e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments. 

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
James McQuiggan
James McQuiggan , Security Awareness Advocate
InfoSec Expert
November 11, 2020 10:29 am

One of the lures of social engineering scams is the use of fear. Cybercriminals will create an email profile to appear to be from a government agency to help strike fear into the victim. Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers. In fear of prosecution, the victim will write a check or submit payment to the cybercriminals and, unfortunately, learn when it\\\’s too late that it was all a scam.

The IRS and other government agencies will not contact you to request payment through email. If they do, it is usually through certified mail.

Last edited 2 years ago by James McQuiggan
Colin Bastable
Colin Bastable , CEO
InfoSec Expert
November 11, 2020 10:25 am

To make this scam even more credible, it coincides with the IRS sending out real written demands for outstanding taxes. Tax reporting –and therefore tax payment — season was pushed back six months, with taxes due October 15th. That sets an “impending event” in place – pay up by November 15th. The scammers know this, just as CPAs know it.

The IRS is a fearsome beast to contend with, so the scammers get to leverage the trepidation that Americans feel when they receive an email that\\\’s apparently from the IRS. By combining heightened emotions with a sense of urgency, the attackers created a powerful call to action. Not to mention that since most likely, more people are going to be behind on their taxes due to the pandemic, the scammers will have an even higher hit rate.

The emails themselves are ludicrous, of course, but unfortunately someone is going to fall for them.

It\\\’s a good reminder to consumers that they should always be cautious when they receive an email asking for payment. Here are three simple questions to consider:

Ask yourself –is the sender really who they claim to be? Start by checking the domain name – it’s easy to miss a one-letter mismatch between the sender’s domain and the company domain.

Does the email contain suspicious content? Improper use of grammar or language, multiple spelling mistakes, or a strange layout are all red flags. Hover over any links in the email to see if the links are unusual. If so, don’t click on them!

What are they asking me to do? Always be suspicious anytime an email asks you to do something unexpected, such as provide payment info or confidential log-in credentials. Take a closer look at the sender’s address or content and you’ll usually catch the attack.

Last edited 2 years ago by Colin Bastable
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x