Hackers are aware of your unease regarding tax payment, and they are readily taking advantage of it.
A total of more than 6.5 million Social Security Numbers (SSNs) were stolen last year. Stolen social security numbers are rapidly selling on the black market. Hackers use two significant ingredients to pull off their tax fraud - SSN and name. They file taxes in your name by including fake income numbers on a manipulated W-2 form.
Tax fraud has been happening for a very long time. Based on previous cases, hackers could only steal your SSN through someone on the inside. But now, it takes a computer, data, and a few clicks.
The present hacking tactic used now capitalizes on the anxieties of taxpayers. Hackers send spear-phishing emails that purport tax documents, but in the real sense, they are unleashing malware.
They intend to overtake users' computers, steal personal information, reroute and steal tax refunds when they click on the sent links and documents.
This is how the scam works:
Hackers send malicious emails that include tax documents. When the receiver clicks on the email, the documents appear blurry, and they are instructed to click ''enable editing'' on the menu bar. This will allow the malware to run on their computer, and once this is done, hackers can take over the tax filing process and search for personal data.
How Hackers Reroute Tax Deposits
Hackers avoid dealing with the IRS (Internal Revenue Service) directly by tax preparation software. This software puts forms together so they can file dozens in a day. Some fraudsters use only SSNs in a specific zip code or state to avoid raising any alarm at the IRS.
Hackers try to trick users into clicking their spear-phishing emails. Clicking on it releases two access trojans called the Remcos and the NetWire. Those two trojans are called ‘’malware as a service’’.
Sample websites offering these malware service packages can look like regular software companies providing sales, add to cart, promotions, licenses per user, and even service packages buttons. Some hackers even offer their users' support desk if they face any difficulty.
The direct-deposit method used by the IRS has become one of the methods used by hackers to take the money.
Solutions
Payment of tax is a top concern for everyone. But when you get emails insisting that you should click, it is best to investigate further before going ahead. Tax professionals are advised to:
Use stronger passwords with a mix of letters, numbers, and special characters.
Run a deep security scan for malware and viruses.
Avoid clicking or opening links from unknown senders
Educate all staff members
Provide a checklist that would help improve office security and safeguard taxpayer information.
Now the IRS warns that hackers target the computer systems of tax preparers to get the refund directly sent to their account and not to the account of the legitimate tax filer.
This new scam is proof that hackers are now targeting tax professionals. There have been reports on many tax refunds and phishing emails that got some workers to hand over W-2 records to hackers thinking they are the company's CEO.
Conclusion
Hackers reroute the direct deposit of paycheck into accounts. Cybercrooks control these accounts. Avoid emails that look like company surveys and ensure you learn how to detect this kind of fraud.
Hackers start this scam with spear-phishing emails meant to trick people into clicking on links and generating their personal information through malware. The emails are made to look real via the use of social engineering. They might even take the look of an address from a legitimate company.
FOR MORE INFORMATION ON HOW CORE PERFORMANCE CAN BEST HELP YOU WITH YOUR TAX FILING NEEDS, PLEASE CLICK THE BLUE TAB ON THIS PAGE.
THANKS FOR VISITING.