The Internal Revenue Service said there’s been a “400 percent surge” in phishing and malware attacks designed to defraud taxpayers this tax season.
The numbers are ugly for taxpayers. As of mid-February, the IRS has already experienced 1,389 incidents, more than half way to eclipsing last year’s total of 2,748 incidents. The 1,026 incidents reported this January are four times the number of incidents reported in January 2015.
The scams come via phone calls, text messages or emails and have been reported across every section of the country, according to the IRS. The scams vary, but the goal is to trick taxpayers into thinking the communications are official – either from the IRS or parts of the tax industry, including software companies.
Typically, the scams seek information related to tax filings, refunds, personal information or PIN information that allows fraudsters to file false tax returns. Emails from scammers may also direct users to “official-looking” websites, or websites that contain malware, which infect computers and allow criminals to access them.
"This dramatic jump in these scams comes at the busiest time of tax season," IRS Commissioner John Koskinen said in a statement. "Watch out for fraudsters slipping these official-looking emails into inboxes, trying to confuse people at the very time they work on their taxes. While more attention has focused on the continuing IRS phone scams, we are deeply worried this increase in email schemes threatens more taxpayers.”
Identity thieves have wreaked havoc on the IRS lately. In early February, officials disclosed that criminals tricked an IRS system into issuing thousands of PINs under the names of taxpayers, allowing them to file false refunds. That attack was made possible by a “bot” that entered stolen Social Security numbers – stolen via other means, like social engineering and other scams – into the IRS’ electronic PIN filing system.
Last year, IRS’ “Get Transcript” service was breached, doling out $42 million in false tax filings and compromising the personal information of several hundred thousand taxpayers. Congress responded by awarding the IRS $290 million to improve network security. The agency would see an additional $90 million in additional funding to combat ID fraud and reduce improper payments under the 2017 budget proposal.