How online scammers turn your tax into cash

How online scammers turn your tax into cash

Kaspersky Lab has published a report showing how online fraudsters exploit tax systems to seize staggering amounts of personal information from trusting consumers.

The report, including examples from the U.S., Canada and the UK, as well as other countries: France, Italy, Hungary and Russia, shows how:

By spoofing trusted government agency websites and luring users onto them, phishers are trying to collect enough information to steal both money from victims’ accounts and their digital identity.

In 2016, there were notable spikes in tax-themed online phishing in the months leading up the end of the tax year (April) in Canada, the U.S. and the UK.

In 2017, a growing number of attacks also focused on the months following April, many featuring authentic-looking tax authority websites that promised a tax refund.

Among the information that the fraudsters collect are bank card details (including PIN code), social security number, driver’s license number, address, telephone number, date of birth, mother’s maiden name, and employer. The attackers also retrieve the IP address and system information.

“People trust government websites, and since tax matters generally involve sharing large quantities of personal information, an authentic-looking message asking you to share personal data doesn’t always set off an alarm. Not all taxpayers can recognize a scam when they see one, and even experienced Internet users can be wrong-footed by the promise of a welcome tax refund. We recommend that people treat any online offer of money with a healthy dose of skepticism, and bookmark in their browser the official site of their country’s tax service to help avoid getting hooked by phishers,” said Nadezhda Demidova, Lead Web Content Analyst at Kaspersky Lab.

Kaspersky Lab advice for staying safe:

• Always check the web address when asked to input details – make sure it is the legitimate one and starts with ‘https’, when any personal or financial information is asked for.
  
• Phishers exploit fear and hope. Signs that there could be phishers at work include messages that are unduly threatening (warning of a potential fine or other penalty, for example), those that demand immediate action, which ask for vast amounts of very personal and seemingly irrelevant information, or which simply sound too good to be true.
  
• Don’t click on links in emails from people you don’t know, or in message you weren’t expecting.
  
• If in doubt, check with your tax authority.

The full report, with examples and charts can be found on https://securelist.com/tax-season-phishing/84030/

Source: https://www.kaspersky.com/home-security