Tax fraud schemes are expected to net scammers $5.7 billion in 2022, more than double the amount of last year, according to the Internal Revenue Service, and there doesn’t appear to be any slowing in sight.

While scams are on the rise, the good news is that the main tactics used by fraudsters remain basically the same, meaning that by understanding the signs of tax fraud and taking measures to combat it, consumers and businesses can make the most of tax season. You can avoid becoming a victim during this. ,

“Threat actors routinely take advantage of tax season,” said Selena Larson, a senior threat intelligence analyst with Proofpoint, an enterprise security company in Sunnyvale, California.

“They know that a large portion of the population will be dealing with the stress and urgency of having to file their taxes correctly and on time,” he told TechNewsWorld. “It is these pressures that make people more vulnerable to tax-themed email offering support or warnings, when it is actually a vessel for fraud.”

“And as tax season is directly related to finances, there is an open window for a big pay day,” she said.

Larson said threat actors are becoming more adept at employing social engineering to prey on people’s fears, emotions and urgency during tax season.

“They will take advantage of the IRS brand and spoof government sites, claiming to be a taxing authority, either to communicate some legitimate piece of required information – such as a change to a form or process – or to attempt to collect payment. ,” she explained.

Data breach fuels growth

Larson also advised consumers and businesses to be aware of fake “tax preparation services.” These types of attacks typically go beyond simple authentication credentials, such as usernames and passwords, he noted, and attempt to steal personal information, including Social Security numbers and bank account information.

“Most tax professionals provide excellent advice and can help people navigate complex tax issues,” IRS Commissioner Danny Werfel said in a statement. “But we continue to see instances where taxpayers are given bad advice by unscrupulous tax preparers who quickly disappear.”

The sheer volume of personal information circulating on the Internet from multiple data breaches has also contributed to the growth of tax fraud.

“There is a lot of information on the Internet that can be used in fraud schemes,” observed Abigail Schoeman, senior team lead with New York City-based Flashpoint, a provider of threat intelligence, threat analysis and incident response services. Which recently released a report on tax fraud.

“A lot of threat actors can collect that information and use it very easily in tax fraud schemes,” she told TechNewsWorld.

“Every year, more sensitive information about people is lost through data breaches and other means,” said Erich Krone, a security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.

“This allows attackers to have a huge list of people to target, many of whom they have very detailed information about,” he told TechNewsWorld. “This helps these bad actors create more convincing social engineering emails and other communications.”

Threat actors will also recycle information, said Showman’s colleague, Tactical Threat Monitoring Analyst Rebecca McHale. “They can apply for unemployment benefits, then turn around and use that personal identification information for other schemes, including tax fraud,” she told TechNewsWorld.

“They want to earn the most bang for the buck from the compromised PII they hijack and steal for malicious purposes,” she said.

Scams galore

In its report on tax fraud, Flashpoint identified several ways fraudsters try to extort information or money from their targets, including:

  • Phishing. A tried-and-true technique that uses email to trick a target into visiting a malicious website or sharing information on their W-2 form.
  • Refund scams. A fraudster will contact the victim and offer to get them a higher-than-expected refund. When the target gives the scammer all the information needed to file a tax return, the scammer will file the return and send the refund to himself.
  • Filing for false tax credits. When a fraudster files a return for a victim, they will include claims for credits for which the target is ineligible.

“We’ve seen a lot of student tax credits get filed this way,” McHale said. “This would include the Lifetime Learning Credit and the American Opportunity Tax Credit.”

“Students are usually first-time filers and do not have major identity protections established such as an Identity Security PIN and adjusted gross income,” she explained.

Amy Nofziger, director of fraud victim support at AARP, noted that the organization’s Fraud Watch Network helpline continues to receive calls about IRS impostor scams.

“You’ll get a phone call or text saying there’s a problem with your tax refund, and you’re going to be arrested,” he told TechNewsWorld. “The scammers will then demand immediate payment, usually through pre-paid gift cards or other non-traditional forms of payment such as cryptocurrency.”

education is essential

Spear phishing is prevalent during tax season, observed Dror Liver, co-founder of Koro, a cloud-based cybersecurity company based in Tel Aviv, Israel. He told TechNewsWorld, “An attacker impersonates an employee or a vendor, sometimes, even the accounting firm used by the company, asking for data or tax documents that they or So do it for identity theft or do it for ransom.”

He recommended, “In addition to deploying anti-phishing protections, accounting departments should be retrained to identify and report phishing attempts.”

“Ahead of time the simulation will highlight which employees need additional training,” he said. Education can be an important weapon in the fight against tax fraud. “It helps potential victims identify these scams and stay safe,” John Clay, vice president of Threat Intelligence at Trend Micro, told TechNewsWorld.

“Educate your employees about how phishing works,” he advised. “Make sure they are aware of any communication suspicious that involves tax returns and financial transactions and have a process for employees to submit suspicious material to IT for review.”

He also recommended deploying an email message protection solution that uses machine learning and AI to detect spam and phishing emails.

However, fraudsters will not be the only ones who are using AI to further their goals.

“We’ve seen anecdotal talk about artificial intelligence being harnessed to fuel fraud, but it hasn’t been widespread this tax season,” McHale said. “While we haven’t seen it for this tax season, stay tuned. It’s something we’ll be keeping an eye on during next tax season.”

The cyber security research company reported on Tuesday that there has been a significant increase in ransomware and distributed denial-of-service attacks from October to November this year.

NCC Group reported a 41% jump in ransomware attacks in November, from 188 in October to 265, making November the most active month for the malware since April.

During the same period in 2021, the report continued, the increase was lower (4%), but the totals were higher – 314 for October and 328 for November.

The report states that the Conti and Payasa gangs probably contributed heavily to the ransomware threat landscape at that time. Both the gangs have either disbanded or are now separate.

Seasonal changes in ransomware attacks are common, noted Marcus Smiley, CEO of Epoch Concepts, an IT solutions provider based in Littleton, Colo.

“Ransomware attacks have increased during the holiday season since at least 2018,” Smiley told TechNewsWorld.

“The simplest explanation is that companies cease operations at the end of the year, making them less vulnerable to cyberattacks than usual,” he said. “This is a logical time to launch new ransomware campaigns.”

“There’s definitely an increased risk of attacks during the holiday season,” said Morgan Demboski, a threat intelligence analyst with IronNet, a network security company in McLean, VA.

“Threat actors attempt to take advantage of a potentially low cyber security posture and response as employees are out for the holidays,” Demboski told TechNewsWorld.

In 2021, there was a decline in ransomware attacks in the fourth quarter as threat actors focused on quality, not quantity, James McQuigan said. A security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.

“However, this year, there has been an increase in attacks targeting the health care, education and retail sectors,” McQuigan told TechNewsWorld.

A malware for all seasons

In general, attacks can often be tracked back to specific time periods, which makes it difficult to mix them with expected, legitimate communications or maximize the chances of a large payout, explained Mark Guntrip, Senior Director of Cyber ​​Security Strategy at Menlo Security. make capable. , a cyber security company in Mountain View, California.

“Attacks against agricultural companies at harvest time have drawn warnings from the FBI,” Guntrip told TechNewsworld. “There have also been attacks against game makers close to a big launch and candy makers before Halloween and the holidays.”

While there can be seasonal spikes in ransomware attacks, experts say the practice will continue to increase no matter the time of year.

Ransomware Regional Analysis – November 2022

Chart of ransomware attacks by region in November 2022

As seen throughout the year, the top two regions globally targeted by ransomware in November were North America, followed by Europe. (Source: NCC Group Monthly Threat Pulse)

“Ransomware attacks have increased and will continue to increase in 2023,” Guntrip said.

“From attacks on critical infrastructure to individual businesses, it is clear that in today’s threat landscape, no one’s system is secure, and cybercriminals show no signs of slowing their efforts,” he said.

“The level of success and subsequent money paid out following an attack is a clear attraction for threat actors to increase their focus on ransomware,” he added.

extortion is gaining popularity

The increased opportunities are contributing to the rise in ransomware attacks, maintained Smiley. “Today’s organizations have more connected surfaces than ever before, thanks to IoT and remote employment,” he added.

Another factor is motive. “With increasing geopolitical conflict around the world, there is more activity on the part of nation-states and politically driven actors,” he observed.

“Yet another factor,” he said, “is the growing number of ransomware-as-a-service groups that offer their services to less sophisticated cybercriminals for a fee.”

Demboski explained that the “as a service” offering makes ransomware a low-effort, low-risk alternative to generating criminal profit.

“The availability of various ransomware families through Ransomware-as-a-Service, combined with other readily available services such as Phishing-as-a-Service and Initial Access Brokers, has created a great opportunity for cyber criminals to acquire credentials and ready-made Buying access has become much easier for organizations, in essence giving them all the necessary ingredients to launch an effective and damaging ransomware attack,” he said.

A troubling trend that will further fuel ransomware attacks is the use of ransomware for extortion.

“With the opening of ransomware in recent months, there have been several cases of ransoms not being collected after payment and data being held hostage for future extortion,” said Timothy Morris, chief security advisor at Tanium. An endpoint management and security platform in Kirkland, Wash.

“It takes into account the extortion trend,” Morris told TechNewsWorld. “This is easier to deal with than the logistics of ransomware keys and the management of encryption/decryption, which can create technical support issues that damage the criminal syndicate’s ‘reputation’ if they go down.”

DDoS attacks are on the rise

As noted in the NCC report, in October, distributed denial-of-service attacks continued to rise, with November seeing 3,648. A major target among them was the United States with 1,543 attacks.

The reasons for the US being the most targeted include the large attack surface and the current geopolitical tensions in the country, which show no signs of easing, the report pointed out.

It added that given the timing, the US strikes could be aimed at disrupting the midterm elections.

NCC’s Global Head of Threat Intelligence, Matt Hull, predicted that DDoS attacks would continue to increase.

“However, as more organizations become aware of the growing threat, it will be interesting to see how malicious actors who execute DDoS attacks are combated,” he said in a statement. “DDoS is not a new attack type, and preventive and defensive measures are more widely available and affordable than ever.”

DDoS Ransomware Isn’t for the Crowd

While denial-of-service attacks were common with some cybercriminal groups, DDoS attacks related to ransomware have decreased, McQuigan said.

“This action may result in the victim organization being blocked from using the Internet to access the Tor network, making it very difficult to make payments,” he explained.

“If they start denying service,” he continued, “that’s to tell the organization that they are still susceptible to other attacks to continue to pose a threat.”

Data breaches seem to be less of a concern than DDoS attacks compared to malware and phishing because DDoS attacks typically do not result in the theft or loss of sensitive data, observed Casey Ellis, CTO and founder of Bugcrowd, an operator of the Internet. Crowdsourced bug bounty platform.

“While DDoS attacks can cause significant disruption to company operations, they do not pose the same risk to the privacy, integrity, or availability of critical data as other types of cyber attacks,” Ellis told TechNewsworld. “DDoS attacks are less sophisticated and easier to defend against than data breaches, malware and phishing attacks.”