As the calendar flips towards Tax Day, businesses face an increased risk of tax fraud. This period, marked by the rush to meet the April 15 deadline, not only signals a time of financial reconciliation for many but also heralds a season of heightened vigilance against the tax fraud threat landscape.

The IRS Criminal Investigation’s 2023 Annual Report identified tax fraud schemes totaling $5.5 billion. Similarly, the 2024 Flashpoint Global Threat Intelligence Report found 6,077 breaches in 2023, exposing over 17 billion records, including vital tax information, and nearly 1.9 billion records already compromised in the early months of 2024. The complexity and sophistication of these schemes have only grown, making it crucial for individuals and organizations alike to arm themselves with knowledge and tools to safeguard their data against those who seek to exploit the vulnerabilities of tax season for illicit gain.

This blog dissects the landscape of tax season fraud, focusing on the tactics used by cybercriminals targeting businesses. Expert analysis provides insights into the latest fraudulent strategies and demonstrates how intelligence can serve as a key defense mechanism to protect organizations’ financial and data assets during this vulnerable period.

Rising tax fraud threats

The landscape of tax fraud has undergone a transformation over recent years, marked by an alarming escalation in both the sophistication and volume of schemes unearthed by authorities—the IRS has identified $16.7 billion in tax fraud since 2020.

This number is not merely a reflection of the evolving capabilities of threat actors but also underscores the vast repositories of sensitive data that become particularly accessible during tax season. The period leading up to Tax Day on April 15 becomes a prime window for cybercriminals, who exploit the large volumes of personally identifiable information (PII) exchanged in tax returns and related documents.

Flashpoint’s continuous monitoring and analysis reveals a distressing trend: the number of breaches and exposed records continues to surge. In our 2024 Flashpoint Global Threat Intelligence Report, we identified 6,077 breaches, resulting in over 17 billion exposed records, which includes critical critical tax information and other sensitive data. This year’s early tallies already point to a continued upward trajectory, with nearly 1.9 billion records compromised in the first two months of 2024.

This historical context sets the stage for a tax season that, while a routine annual occurrence for many, also presents a burgeoning opportunity for cybercriminals. As we delve deeper into the nuances of tax season fraud, it becomes increasingly clear that staying informed and adopting a proactive stance is not just advisable but imperative for safeguarding one’s financial well-being in the digital age.

Why tax season is high time for threat actors

Tax season is invariably marked by a heightened exchange of personal and financial information, rendering it an especially lucrative period for cybercriminals. Several factors contribute to making these months a prime target for those looking to exploit vulnerabilities for financial gain.

Data volume

Data volume exchanged during this period is immense. Tax returns and related documents are replete with personally identifiable information (PII), including Social Security numbers, addresses, and detailed financial records. Such information is a goldmine for threat actors, who can use it for a range of malicious activities, from identity theft to intricate tax fraud schemes.

Tight deadlines and communication overwhelm

The deadlines for filing taxes inject a sense of urgency into the process. Individuals and organizations, under the pressure to meet these deadlines, may inadvertently lower their guard, making them more susceptible to scams. This time-sensitive nature of tax season plays into the hands of cybercriminals, who craft clever phishing attempts and other fraudulent activities designed to exploit this haste.

Moreover, increased communication frequency during tax season, from various tax resources including CPAs, the IRS, and HR departments, provides a perfect cover for threat actors. The surge in legitimate communications creates an environment where phishing scams and fraudulent emails can more easily blend in, making it challenging for individuals to discern authentic communications from deceptive ones.

A tax authority stretched thin

Limited resources available to the IRS and other tax-related organizations during this busy period can lead to delays and backlogs. These constraints can inadvertently create openings for fraudsters to exploit, taking advantage of the system’s vulnerabilities to carry out their schemes.

Common tactics employed by threat actors

During tax season, threat actors employ a variety of sophisticated tactics to exploit vulnerabilities. Understanding these methods is crucial for defense:

“Fullz” utilization

• Description: Comprehensive profiles containing personal information.
• Purpose: Used for identity theft and filing fraudulent tax returns.
• Source: Dark web purchases or harvested from data breaches.

Phishing campaigns

• Description: Deceptive emails mimicking legitimate sources like the IRS or HR departments.
• Objective: To trick recipients into divulging sensitive information or downloading malicious attachments.
• Indicator: Unsolicited requests for personal data or unexpected tax-related attachments.

Impersonation tactics

• Description: Pretending to be trusted entities such as tax professionals or financial advisors.
• Goal: To gain trust and solicit sensitive information or payments under false pretenses.
• Red Flag: Requests for sensitive information coming from unverified or suspicious communication channels.

Social engineering

• Description: Psychological manipulation to elicit specific actions or information.
• Techniques: Urgent emails or phone calls creating a false sense of immediacy or threat.
• Defense: Verification of the source and cautious response to unsolicited or unexpected communications.

Malware deployment

• Description: Malicious software hidden in tax-related documents or links.
• Consequence: Compromise of personal computers, leading to data theft and increased vulnerability.
• Prevention: Avoiding clicking on links or downloading attachments from untrusted or unfamiliar sources.

Recognizing and understanding these tactics provides a strong foundation for defending against the varied threats that proliferate during tax season. Vigilance, combined with informed precautions, can significantly reduce the risk of falling victim to these schemes.

Technical exploits and fake tax apps

Tax season extends beyond paperwork and filings to include mobile applications. As convenient as tax-related apps can be, they also present new avenues for cybercriminals to exploit unsuspecting users. Understanding the technical underpinnings of these exploits and the hallmarks of fake tax apps is crucial for safeguarding your financial information.

Decoding the exploit

Cybercriminals often reverse engineer legitimate tax apps to create convincing fakes. This process involves unpacking the app’s APK file, akin to a zip file, to access the DEX files containing the app’s source code in bytecode form. This pseudo code reveals the app’s functionality, including how it handles personal identifiable information (PII) and communicates with servers. With this knowledge, attackers can replicate the app, complete with stolen resources like images and logos, making the fake app look nearly identical to the real one.

Spotting a fake

Even the most convincing fake apps have telltale signs that should alert users to potential threats:

• Excessive Permissions: A tax app should not need access to your contacts, call logs, or admin privileges. If an app asks for more permissions than necessary, it’s a red flag.
• Poor Reviews or Lack of History: Check the app’s reviews and its presence on the app store. New apps with few reviews or a history of poor feedback can be suspicious.
• Mismatched Developer Information: Verify the app’s developer information against the official tax service’s website. Discrepancies here are a major warning sign.

Ensuring secure transactions

To ensure that your tax payments reach their legitimate destination, adhere to the following guidelines:

• Download from Official Sources: Only download tax apps from reputable app stores like Google Play or the Apple App Store, and even then, be vigilant.
• Follow IRS Endorsements: Use tax apps recommended or endorsed by the IRS, often listed on their official website, to ensure legitimacy.
• Double-Check Payment Channels: Before making any payment through a tax app, verify that the payment channel is secure and officially linked to the IRS or your tax preparer.

Protecting against tax fraud

It is imperative for both individuals and organizations to fortify their defenses against the myriad of cyber threats lurking in the digital landscape during tax season. By adopting a proactive stance and implementing best practices, you can significantly mitigate the risk of falling victim to tax season fraud.

Empowering employees with knowledge

Organizations should prioritize educating their workforce on the hallmarks of tax season scams. Regular training sessions can equip employees with the knowledge to recognize phishing attempts, suspicious emails, and other fraudulent activities. Emphasizing the importance of vigilance and caution in handling tax-related communications can create a first line of defense against threat actors.

Leveraging robust security software

The backbone of any cybersecurity strategy lies in the deployment of comprehensive security solutions. Anti-virus and anti-malware software provide essential protection against malicious threats, while regular updates ensure that defenses remain effective against the latest exploits.

Enforcing strong authentication measures

In a time when personal information is frequently compromised, the importance of strong, unique passwords cannot be overstated. Organizations and individuals alike should also implement multi-factor authentication wherever possible, adding an extra layer of security to sensitive accounts and information.

Securing data and communication channels

Protecting the integrity of data and systems involves more than just strong passwords. Utilizing firewalls, encryption, and secure Wi-Fi networks can safeguard sensitive information from unauthorized access. Furthermore, organizations should establish protocols to verify the authenticity of requests for information or payments, especially those that arrive via email or other electronic means.

Staying ahead of emerging tax fraud threats

Staying informed is key. Both individuals and organizations should keep abreast of the latest scams and threat tactics, particularly those targeting the tax season. Adjusting security measures in response to new information can help preempt potential attacks.

Individual vigilance

On a personal level, skepticism can be a powerful tool. Be wary of unsolicited communications claiming to be from the IRS or tax preparation services, and verify any requests for personal information or payments. Filing taxes early can also preempt fraudulent filings by cybercriminals.

Protecting your organization with Flashpoint

Flashpoint provides the threat intelligence necessary to navigate the risks related to tax season fraud. By offering insights into threat actor groups and their tactics, we empower organizations to preempt attacks and safeguard their assets, data, and personnel from the ever-present threat of cybercrime. Request a demo to see our award-winning Flashpoint Ignite platform in action.