Tax Scams 2020

Hold on to your W-2s and returns because tax season is on the way! As if deductions, exemptions and return distribution wasn’t enough, tax season becomes open season for cybercriminals hunting for sensitive information, credentials and even a direct deposit of your tax returns.

Examples of Tax season phishing scams:

W-2 attachment attack

Attack type: Attachment
Attack objective: Deliver malware
Tax forms – Attachment w/ drive-by link

W-2 phishing attacks come in many shapes and sizes and often strike in January, when employees are waiting to receive their W-2 from their employer. In this phishing email, the attacker baits the victim into clicking a malicious link or downloading a malicious attachment to install malware on their machine.


W-2 business email compromise (BEC) attack

Attack type: BEC
Attack objective: Steal employee or organization information
W-2 Request

example of tax scam email (screenshot)In this W-2 attack, the scammer poses as a manager or executive and targets HR staff to steal the W-2s and personal information of employees. With this BEC attack, the scammer doesn’t need access to a network or business systems. Instead, they only need the victim to reply to the email with the requested information.


Free online access to tax forms

Attack type: Drive by or data entry
Attack objective: Steal employee information or credentials
Tax Form Management Access

Generic offers to access your tax documents are another popular phishing tactic used to redirect victims to a malicious website. These attacks may also redirect the victim to a spoofed login page to steal the victim’s personal information such as their social security number.


Tax preparation software drive by

Attack type: Drive by
Attack objective: Redirect to malicious site
H&R Block – File Your Taxes

example of tax scam email (screenshot)Some scams approach tax season from the opposite direction by impersonating tax preparation software, services or CPAs. These attacks work like most common drive by attacks, but leverage tax season to create urgency with short-term or extravagant offers.


Tax return credential theft

Attack type: Drive by or data entry
Attack objective: Steal employee information or credentials
TurboTax – Return Accepted

In an even more sinister variation to tax preparation scams, some hackers attempt to steal login credentials to access victims’ tax software accounts. Once gaining access, attackers can retrieve personal information and documents or interfere with the victim’s filing process or tax return.


IRS tax notice

Attack type: Attachment, drive by or BEC
Attack objective: Steal employee information or credentials
Tax Notice

example of email tax scam (screenshot)Although the IRS insists it will never contact taxpayers via email, text message or social media, scammers continue to use these tactics to trick victims into clicking malicious links, downloading attachments or even sending payments. Although these attacks peak during tax season, they are frequently used year-round.