A new IRS phishing scam has been detected that targets tax professionals and taxpayers who hold Hotmail email accounts. The scam has prompted the Internal Revenue Service to issue a warning to Hotmail users to be wary of emails that request personal and financial information.
Each year, cybercriminals target tax payers and attempt to get them to reveal their personal information and Social Security numbers, which are used to file fraudulent tax returns. These scams are usually conducted by email, with massive campaigns conducted delivering many millions of emails. This campaign is no different. The IRS has already received more than 900 complaints from tax payers and tax professionals who have received the malicious emails. However, many tax payers are likely to be fooled by the scam.
The IRS phishing scam involves emails that appear at first glance to have been sent by the IRS. The emails advise users that the IRS will be processing the target’s tax return soon, and that they must click the link and sign into their Microsoft account to view information about their tax return.
Clicking the link directs the user to what appears to be a Microsoft login screen. Users must then confirm their personal information. However, the link directs the user to a malicious website. Any information entered will be used by the IRS impostors to file fraudulent tax returns.
After being alerted to the scam, the IRS shut down the website; however, the attackers are likely to register new websites to continue their campaign. There are likely to be thousands of similar IRS phishing scams sent via email this tax season.
The IRS confirms in its warning that it will never initiate contact via email and does not ask for any personal information via email. If an email is received that appears to be from the IRS, it is likely to be an IRS phishing scam and should be reported to the Internal Revenue Service.
To avoid being scammed this tax season, tax payers and tax professionals should not open email attachments from unknown individuals, should avoid using any hyperlinks sent in emails from unknown individuals, and should treat all links and attachments as suspicious, even if they are sent from known contacts. A spam filter should also be used to prevent the majority of malicious emails from being delivered.