Tax Refund Phishing Scams Still Successful

Despite warnings, citizens are still falling for bogus tax refund scams. The most recent discovery was in the involved hackers posing as government tax office officials. Filers were sent phishing emails promising refunds, roughly in the amount of $710.00 U.S., that would be deposited directly to one’s credit card. That’s a tempting chunk of change for most, and an offer many find too difficult to pass up. Refund scams, especially those emails claiming to be from an “official” entity have been wildly popular among hackers for one simple reason – they work. Although this phishing scam was discovered in the UK, it continues to happen in the U.S. Our own hacking history shows phishing emails claiming to be from the IRS have supplied significant hacker bait. There’s no shortage of warnings on the IRS website about tax-related phishing scams, especially those using email and telephone.

Although it was clearly amateur hour for the UK hackers – the email subject lines were formatted poorly, and the sender’s address had nothing to do with the government – it shows just how easily human nature is tempted. After all, nobody’s perfect, and who wouldn’t want a tax refund they didn’t expect? The hackers’ first tactic was placing a sense of urgency to the refunds, saying they would expire on the same day the phishing email was received. Those who took the bait were redirected to fake web pages. The first looked like a Microsoft Outlook page, requiring log in credentials, including passwords. Once that was stolen, a new page popped up with only boxes to provide some very sensitive information – full credit card details including the security code, date of birth, mother’s maiden name, and more. Quite simply, everything necessary to steal your credentials and money.

It may be difficult to believe someone would fall for such a poorly constructed scam, but the list of email phishing victims continues to grow. In the U.S. as well as the UK, vigilance toward these scams is always needed, and there are some basics to remember should you receive an email promising something too good to be true.

First and foremost, if an offer sounds too good to be true, assume it is. Hackers preying on emotions have no shortage of success. Remember, as far as taxes are concerned in the U.S., the IRS never initiates contact by email or phone. The US mail is the only way you will know the sender is legitimate. As this UK tax scam proved, paying attention to detail is crucial. Always look for poorly written content as well as typos, and always check the sender’s URL address. If others paid attention to these details in the UK, it may have prevented a lot of heartache. It’s certainly no different in the US, where email phishing and tax scams continue to have enormous success despite continued warnings by the IRS. Being vigilant against email phishing is the best route to staying secure, no matter whom the email claims to be from and what the subject line claims to offer.