The Tax Phishing Season Begins

Many Americans do not think about filing their annual tax return until the April 15th deadline is looming, but for cybercriminals the tax season is already well under way. Tax return fraud is a special form of identity theft, in which the criminal files a fraudulent tax return using stolen personal information, and claiming a large refund. By the time the victim files their own tax return the refund check has already been cashed. For this to work, the criminal has to file the victim’s tax return before the victim does.

First seen in 2008, tax return fraud has reached epidemic proportion in the past few years. The IRS has over 3,000 employees working on identity theft and refund fraud investigation. In spite of that, the IRS reportedly sent out over three million fraudulent refunds in a single year, costing taxpayers an estimated $5.2 billion.

In order to file a fraudulent return the criminal does not need much information – at minimum, a name and social security number. However, as the IRS is tightening up their security, the more personal information that the criminal can obtain, the more likely they are to be able to fool the feds. What better way to persuade someone to fill out the information required for a tax return than by pretending to be the IRS? That may be the reason that Cloudmark has seen so many variants on IRS phishing emails over the past few weeks. Here are some examples:

IRS Phishing Email


IRS Phishing Email


IRS Phishing Email


IRS Phishing Email


IRS Phishing Email


IRS Phishing Email


IRS Phishing Email


IRS Phishing Email


IRS Phishing Email


IRS Phishing Email


IRS Phishing Email

One spammer has taken this idea a step further and is phishing as the popular tax preparation software Turbo Tax. This would give them access to previous year’s tax returns and electronic filing.

Turbo Tax Phishing

At this time of year you should be particularly cautious about any emails purporting to be from the IRS, or any web page that attempts to obtain your social security number. If you filed your last tax return from Florida, Georgia, or the District of Columbia, (or if you have been a victim or tax refund fraud in the past) you can obtain a six digit PIN from the IRS to prevent anyone else filing a return in your name. Once you sign up for this program you can’t withdraw, and a new PIN will be sent to you by postal mail every December, so remember to get your snail mail forwarded if you move!

In recent years Congress has cut funding for IRS enforcement, and mandated the IRS to place more emphasis on customer service, including faster delivery of tax returns. The fact that this has facilitated a new and pernicious form of tax fraud is a fine example of the law of unintended consequences.


One thought on “The Tax Phishing Season Begins”

Leave a Reply

Your email address will not be published. Required fields are marked

Learn More About Cloudmark
Our Products
News and Events
Site Map  •  Privacy Policy  •  ©2002–2017 Cloudmark, Inc.