Protect Your Tax Return from Fraud: Here's What You Need to Know

 


Tax Season 2025: Protect Yourself from Fraud with an Identity Protection PIN

A new year marks the start of another tax season, bringing with it the usual challenges of navigating the complex US tax code and avoiding scams. One particularly concerning scam involves fraudsters filing a tax return in your name to claim a refund. Many victims only realize they've been targeted when they attempt to file their own return, uncovering a complicated issue that can take weeks or even months to resolve.

The risk of tax-related identity theft is elevated this year due to a series of high-profile data breaches in 2024. Personal information, including Social Security numbers, has become more accessible on the dark web, providing fraudsters with the tools they need to exploit unsuspecting taxpayers. As tax season progresses, this vulnerability becomes a significant concern for individuals and businesses alike.

How the IRS’s Identity Protection PIN Can Help

To combat this type of fraud, the IRS offers a proactive solution: the Identity Protection PIN (IP PIN). This six-digit PIN acts as a layer of authentication to ensure that only your legitimate tax return is accepted. If a return is filed without the correct IP PIN, it will be rejected, preventing unauthorized filings in your name.

Initially, the IP PIN program was limited to victims of identity theft or those flagged by the IRS as high-risk individuals. However, the program has now been expanded to all taxpayers who wish to voluntarily enroll. The process is straightforward and can be completed in three ways:

  • Online: Use the government’s ID.me service to verify your identity. This option typically takes 15–20 minutes.
  • By Mail: Submit a paper application to the IRS.
  • In-Person: Schedule an appointment at an IRS office for identity verification.

Once enrolled, your IP PIN is valid for one year and cannot be reused. Each year, you can opt to receive a new PIN, providing an added layer of security. This feature prevents fraudsters from exploiting a stolen PIN even after its use in a prior tax season.

Best Practices for Taxpayers

For most taxpayers, opting for an annually renewed IP PIN is the ideal choice. This ensures you have updated protection each year without the need to manage multiple PINs simultaneously. If you ever misplace your PIN, you can retrieve it by logging into your IRS account using your ID.me credentials. To streamline this process, consider using a password manager to securely store your account credentials, including a strong, unique password for your government account.

By adopting these best practices, you can reduce the stress of tax season and protect yourself against fraud. For more information, visit the IRS’s FAQ page on the Identity Protection PIN program. This simple yet effective system offers much-needed peace of mind during the often overwhelming task of filing your US tax return.

Emotet Malware Campaign Masquerades as the IRS for 2022 Tax Season

 

The Emotet malware botnet is taking advantage of the 2022 tax season in the United States by sending fraudulent emails that pose as the Internal Revenue Service and purport to deliver tax forms or federal returns.

Emotet is malware spread via phishing emails that carry Word or Excel documents containing malicious macros. When users open these documents, they are tricked into enabling macros, which install the Emotet malware on the device. Emotet then captures victims' emails to use in future reply-chain attacks, sends more spam emails, and eventually installs other malware that could lead to a Conti ransomware attack on the targeted network.

Researchers have discovered various phishing campaigns masquerading as the Internal Revenue Service (IRS.gov) that use lures relevant to the 2022 US tax season, according to a recent analysis by email security firm Cofense. These emails ostensibly come from the IRS, and they claim to be sending the recipient their 2021 Tax Return, W-9 forms, and other tax documents that are often needed during tax season.

While the subject lines and content of the IRS-themed emails vary, the common premise is that the IRS is contacting the company with either finished tax forms or forms that the recipient must fill out and return. Zip files, or HTML pages that lead to zip files, are attached to the emails and are password-protected to avoid detection by secure email gateways. Third-party archive programs like 7-Zip, on the other hand, have no trouble extracting the files.

A 'W-9 form.xlsm' Excel file is included in the zip files, and when opened, it prompts the user to click the "Enable Editing" and "Enable Content" buttons to see the document correctly. When a user clicks these buttons, malicious macros are launched, downloading and installing the Emotet malware from hacked WordPress sites. Once Emotet is loaded, it will download further payloads, which in recent campaigns have mostly been Cobalt Strike.
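A gateway-side triage for the delivery pattern described above, as an added example that is not code from Cofense or the original post: in a standard password-protected zip the entry names and the per-entry encryption flag remain readable without the password, so an encrypted archive holding a macro-capable Office file can still be flagged. The extension watch list, function names and sample message are assumptions, and the sample is constructed and harmless.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Macro-capable Office extensions (assumed watch list, extend as needed).
MACRO_EXTS = (".xlsm", ".xlsb", ".xltm", ".docm", ".dotm", ".pptm")

def triage_zip(data: bytes) -> dict:
    """List encrypted entries and macro-capable names without any password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    return {
        # Bit 0 of the general-purpose flag marks an encrypted entry.
        "encrypted": [i.filename for i in infos if i.flag_bits & 0x1],
        "macro_docs": [i.filename for i in infos
                       if i.filename.lower().endswith(MACRO_EXTS)],
    }

def triage_message(raw: bytes) -> list:
    """Return (attachment name, findings) for encrypted zips holding macro docs."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] != b"PK\x03\x04":   # check magic bytes, not the file name
            continue
        try:
            result = triage_zip(payload)
        except zipfile.BadZipFile:
            continue
        if result["encrypted"] and result["macro_docs"]:
            hits.append((part.get_filename() or "", result))
    return hits

def constructed_sample() -> bytes:
    """Constructed test message: a harmless zip with the encrypted bit set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("W-9 form.xlsm", b"placeholder text, not a workbook")
    data = bytearray(buf.getvalue())
    data[data.rfind(b"PK\x01\x02") + 8] |= 0x01  # flag in central directory
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="forms.zip")
    return msg.as_bytes()
```

Calling `triage_message(constructed_sample())` returns one hit for `forms.zip`. Archive formats that also encrypt their file listing would hide the names, so an encrypted attachment with no readable entries deserves review on its own.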

Emotet has also dropped the SystemBC remote access Trojan, according to Cryptolaemus, an Emotet research organisation. With the Conti ransomware gang now developing Emotet, all businesses, large and small, should be on the lookout for these phishing tactics, which can escalate to ransomware attacks and data theft. It's important to remember that the IRS never sends unsolicited emails and only communicates via postal mail. As a result, anyone who receives an email purporting to be from the IRS should flag it as spam and delete it.