IRS phishing scam underlines email’s flaws

Reports of fraud from the IRS show email just isn't as safe as many might think. 

Share This Post

The Internal Revenue Service is having a major problem with fraud. The agency has discovered that phishing and malware-related attacks have increased 400 percent over the previous year. Considering tax season isn't even at the halfway point, this massive rise in fraud is surprising to say the least.

It appears that the main goal in these scams is to file fraudulent tax returns on the part of their victims. Many people in the U.S. put off their taxes until the last minute, allowing for these cybercriminals to file early and make off with the money before anyone's the wiser. 

People are just giving away information

As it is with the majority of fraud, these scams revolve around human error in order to get the information they need. The IRS has stated that many people have received fraudulent emails, either claiming to be the IRS or some tax software company. The hacker emailing these messages out can then do one of two things: 

The first is the easiest, but perhaps not the most successful. This choice is a pure phishing scheme, where the cybercriminal asks for personally identifiable information such as a Social Security number to "verify" who the recipient is. In reality, the hacker just needs this information in order to file a tax return. 

Phishing for information requires hackers to play the numbers game. Phishing is simple but effective at a large scale.

While this technique is simple and straightforward, it's a lot less refined than other, more sophisticated attacks. The IRS has also noticed that hackers are using fraudulent sites to lure people into downloading malware. These sites look real by every definition, but their sole goal is to download keylogging software and other surveillance programs onto the victim's machine. Once a keylogger is installed, the hacker can monitor everything the victim types, including login credentials. 

Business email compromise is similarly devious

While the IRS's troubles with cybercrime certainly show the security flaws of email, another trend has been observed that is equally terrifying. Business email compromise is a fraudulent technique the FBI has been observing for some time. Basically, these schemes start with a hacker gaining control over an authority figure's email account. This administrator could be the CEO or someone in billing.

"BEC has become a major problem for modern businesses"

Either way, the hacked person is meant to be trustworthy enough so the cybercriminal can ask for a wire transfer for "business purposes" without raising the alarm. Then, the hacker takes the fraudulent transfer out of the account they set up for just this purpose, and then they disappear. BEC has become a major problem for modern businesse, with the average cost of such an event totaling $130,000, according to the FBI. 

What's more, the FBI doesn't even know the full extent of BEC scams. Between 2013 and 2015, reported losses totaled more than $740 million. That's an incredibly high number on its own, but these are only the businesses that decided to come forward. It's impossible to say how much money is really being lost to this scheme, once again showing just how unreliable email is when it comes to a company's security. 

Businesses worried about email fraud should seriously consider fax over IP. Hackers hate faxing because of its innate security protocols and, therefore, they very rarely target fax numbers for their schemes. FoIP is a great way to ensure safety without having to give up ease of document transmission, making it the best of both worlds. 

Enhance enterprise communication, collaboration and compliance efforts with a proven FoIP solution from FaxCore. Contact FaxCore today to learn more about their 'Partly-Cloudy' fax solutions.

More To Explore

Ready to Take a test Drive?

Book your free demo today: