The Internal Revenue Service has detected an exponential increase in phishing and malware attacks related to tax that target taxpayers this year, marking one of the highest increases in such incidents.
The phishing and malware campaigns involved existing and fresh tactics such as tried-and-true email phishing, bogus text messages and deceptive attempts meant to make the victims part with their personal information and give it up to hackers pretending otherwise.
IRS officials have vowed to continue to collaborate with its partners and that necessary steps have been taken in order to bolster the security of the processing systems and detect any form of fraud and scam. It is possible that attackers will now use the stolen information to file phony tax returns.
It is worth noting perhaps that in the same period in 2015, there were a little more than 200 incidents of malware and phishing attacks. This time around, the number has increased to more than 1,000. That is why the IRS has since been restless in warning and notifying taxpayers about the incident, or so it says.
The target of the malware and phishing campaigns are primarily personal information that the attackers can use in filing a bogus tax return. The attack methods include scam that spreads emails that contain malicious links leading to websites that contain malware and keyloggers. Keyloggers are another form of malware that learns the strokes of our keys to record information from them such as passwords and usernames.
Also, tax professionals at the IRS have reported another slew of phishing campaigns that want to steal their IRS cyber credentials, including the IRS Tax Professional PTIN System for the same bad intention.
The tactics used in this particular incident seemed to have morphed from previous activities. That is so, according to security experts, because the attackers need to somehow innovate as the old tricks might have already lost their convincing power. For example, the new tricks consist of emails that contain attachments with macros intended to bring Trojan and ransomware to the victims.
Some security vendors are seeing malware and phishing campaigns that are more focused on taking advantage of the tax season only as a bait than stealing tax return money.
These incidents show that the IRS has a long way to go to raise awareness of fraud of this sort. In fact, last year, attackers were able to access some 300,000 accounts of taxpayers, causing a breach to the service’s Get Transcript service.