US taxpayers under massive phishing attacks says IRSby Nikola Strahija on February 20th, 2016 A massive increase of phishing and malware attacks against US taxpayers has been reported. US Internal Revenue Service (IRS) said in an advisory that so far this year a 400% increase can be seen.
The advisory states that the increase can be expected to continue in the build-up of April's tax-filing deadline. In the advisory IRS Commisioner John Koskinen said "Watch out for fraudsters slipping these official-looking emails into inboxes, trying to confuse people at the very time they work on their taxes. We urge people not to click on these emails".
So far this year the IRS has collected 1389 reports of phishing attacks in just under 2 months. This is more than the total for the whole 2014 which ended up having 1361 phishing reports and more than half for 2015 - totaling 2748 reports of taxpayer phishing attacks.
When it comes to taxpayers as targets the attackers try to gather personal information and use it to file fradulent refund claims which are then siphoned off by the criminals.
IRS says that this year they're seeing an increase in spear phishing attacks against another target group - the tax preparers with their Preparer Tax Information Number (PTIN) and credentials. With tax agent information such as that an attacker could be able to gain access into the IRS filing system.
The Internal Revenue Service is warning taxpayers and agents to be wary of any emails asking for personal information or account credentials and to avoid clicking on any links included within emails.
In case an attacker gained access to the IRS filing system it could end up being a catastrophy. A roll-back would be difficult if there aren't mechanisms to spot suspicious activity - either by filing volume, filing speed or other action above/below the norm.
Lets just hope that the email clients used at the IRS are patched up and that the webmail clients don't show HTML - even from "trusted" sources.