This tax season, the IRS has seen a surge of 400% in phishing emails and malware. Businesses beware: tax season is the most popular time for cybercriminals to push their phishing scams.
These criminals impersonate the IRS in emails hoping to gain personal and financial information from corporations. They try to encourage the recipient of the phishing scam to click a link in an email or website. If personal or financial information is obtained, it is passed on to cybercriminals. Their goal is to make money from this information by filing fraudulent tax returns for refunds. Each year these criminals become more sophisticated in their approach.
Tax Fraud to Watch Out For
Some of the top tax frauds to watch out for this year are:
Your 2015 tax year has been temporarily restricted OR Online Account Locked!
In this scam, recipients receive an email from the IRS stating their account is restricted and they need to enter personal information to gain access. Or an email may come from a popular account software vendor claiming that the account is locked and the recipient needs to enter personal information.
Update Your Tax Filing Information
The recipient receives an email asking them to update their information. In some cases, the link is replaced by an HTML attachment to evade the browser's anti-phishing detection.
Tax Payment was Deducted From Your Account
This email claims that money was deducted and that the receipt is attached. If the recipient clicks the receipt, a worm (W32.Golroted) is released that gathers computer information, ends processes and gathers passwords. This threat may also take other actions, such as capturing screenshots, logging keystrokes and gathering clipboard data.
You Are Eligible to Receive a Tax Refund
Sounds great, right? To receive the refund, the recipient needs to provide proof of identity. Two documents are requested: a scanned copy of the recipient’s passport as proof of identity, and a scanned copy of a utility bill, bank statement or credit card statement as proof of address.
Phishing Scheme Involving Payroll and Human Resources Professionals
Scammers seem to enjoy using the IRS as a front for their phishing schemes. Seeing the IRS name commands attention and the expectation of responsiveness. In early March, the IRS issued an alert to payroll and human resources professionals to be on the lookout for emails requesting personal information on employees from fraudsters posing as company executives.
Payroll and human resources professionals have mistakenly sent out social insurance numbers, personal information and Form W-2 data, believing that the requests were legitimate, only to have this information land in the hands of scammers. Numerous companies have been hit by the W-2 scam.
- At the end of February, Seagate was hit. Criminals were able to get W-2 data of 2015 present and former employees.
- On February 28th, Snapchat issued an apology to its employees for a security breach. An employee fell victim to a phishing scam and accidentally leaked payroll information of current and former employees.
- On March 4th, Mansueto Ventures, publisher of Inc. and Fast Company, fell victim earlier this year to this scam, providing employees’ social insurance numbers and salary information to cybercriminals.
Preventing a Security Breach
Everyone must do their part to be vigilant and protect corporate data. The best way to combat cybercriminals is to be proactive.
- Have security software installed on all corporate computers. Ensure that the security software runs in real time on each computer and updates automatically.
- Back up files daily, weekly, and monthly.
- Share information only on encrypted (HTTPS) websites.
How to Respond to Phishing Emails
- Don’t click on any links in the email or open attachments. They could infect your computer with malware.
- Delete the email.
- Don’t give out any corporate data.
- The IRS does not send unsolicited emails, notices of refunds, withdrawals or requests for personal or financial information. These are phishing emails and should be forwarded to phishing@irs.gov.
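The warning signs described in this article (an "IRS" sender on a non-IRS domain, an HTML file attached in place of a link, a request for W-2 data) can be checked automatically before a message reaches payroll or HR. The following is an added example, not code from the original article; the function names, flag labels and sample messages are assumptions made for illustration, and a flagged message still needs human review.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
IRS_CLAIM = re.compile(r"\bIRS\b|internal revenue service", re.I)
W2_REQUEST = re.compile(r"\bW-?2\b|social (security|insurance) number", re.I)

def triage(msg):
    """Return the warning signs from this article found in one message."""
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    # The IRS does not send unsolicited email; "IRS" mail from another domain is a lure.
    if IRS_CLAIM.search(f"{name} {subject}") and not ("." + domain).endswith(".irs.gov"):
        flags.append("claims-irs-from-other-domain")
    # An HTML file attached in place of a link.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html" or filename.endswith((".htm", ".html")):
            flags.append("html-attachment")
            break
    # A request for W-2 forms or employee identifiers, whoever it claims to come from.
    body = msg.get_body(preferencelist=("plain",))
    text = subject + " " + (body.get_content() if body else "")
    if W2_REQUEST.search(text):
        flags.append("asks-for-w2-or-ssn")
    return flags

def make_sample(sender, subject, body, html_name=None):
    """Build a constructed test message (not real mail)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    if html_name:
        msg.add_attachment("<html><form></form></html>", subtype="html", filename=html_name)
    return msg

# Constructed samples modelled on the lures described above.
SAMPLES = {
    "update": make_sample('"IRS Online Services" <notice@tax-portal.example>',
                          "Update Your Tax Filing Information",
                          "Open the attached form.", "update.html"),
    "w2": make_sample('"Pat Lee" <pat.lee@corp-mail.example>', "Quick request",
                      "Please send me the W-2 forms for all employees today."),
    "benign": make_sample('"Payroll" <payroll@corp.example>', "Team lunch Friday",
                          "See you at noon."),
}
if __name__ == "__main__":
    for label, message in SAMPLES.items():
        print(label, triage(message))
```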