News

IT NEWS

Get a head start on defending against tax scams

It may not be tax season in your part of the world right now but you’ll no doubt be pleased to know a prolific tax scammer is on their way to jail for 20 years. If you’re annoyed by tax scam missives, or had the misfortune to hand money over, this is probably satisfying news.

Between 2013 and 2016, Hitesh Patel ran a particularly sophisticated operation. His tax ring called from centers in India, splitting their time between pretending to be the IRS and the US Immigration Services.

Breaking down the scam

Tax scammers typically threaten to revoke a victim’s visa status unless fictitious amounts of money are paid. The scams can range from crude cons, to sophisticated techniques where documents or devices are stolen, and fake websites created.  Those websites then claim to be official Government pages with all the victim’s (stolen) data on them. If the victim doesn’t pay the fake “fine”, they’re threatened with false deportation and imprisonment.

We can assume the fictional USCIS officers would’ve made similar, tax-centric immigration style threats to potential victims. However they did it, money from victims found its way into an elaborate fraud network. Victims are told to wire funds or purchase reloadable cards. US based “runners” then set about liquidating/laundering the money in its newfound forms. Reloadable cards are popular, and a great target for scammers generally. See endnote 50 on this article about how workers get paid for more details.

Between 2013 and 2016, the people at the heart of this scam made millions from their victims. 24 of 60 people charged involved in the scam have been found guilty. The guy at the top pleaded guilty to a wide variety of crimes, including access device fraud, money laundering, impersonation of a federal officer/employee, general conspiracy to commit identification fraud, and wire fraud conspiracy.

Avoiding the tax scammers

As above, be very cautious around claims of immigration fraud or money owed no matter what reasons are given. Contact relevant immigration authorities directly using known/trusted details or go through your immigration adviser, should you have one.

Avoid missives in your mailbox mentioning mystery refunds, late payments, or “unlock fees” to re-access your online account. Take a similar approach should the tax organisation you deal with be suddenly asking for your login details. There’s no good reason at all why they’d be asking for these details.

Additional lockdowns

Many government tax services offer online portals, and a fair few of those permit additional security protocols. UKGOV’s HMRC portal, for example, is happy for you to use 2FA to keep details secure. Scammers tend to know this and will rely on potential victims using text-based 2FA. This method is vulnerable to “SIM swap” attacks, where scammers trick support staff into porting your mobile number to their own SIM. This means the next time a 2FA code is sent, it’ll go to the fraudster and not the potential victim.

If you’re using an authentication app instead of text codes, this is no longer a problem. Even if someone has grabbed your logins by some other method, they won’t be able to do anything with them. You can go change everything without the imminent threat of someone checking out the nitty-gritty of your account.

If 2FA isn’t available at all, then you’ll need to follow the usual best practices regarding passwords. Perhaps ask the relevant organisation when 2FA may be implemented. Not ideal, but it’s something proactive to get on with while you wait for them to fill the 2FA void.

Forewarned is forearmed

As you may be aware, tax season is almost upon us in many places. Whether it begins in January, April, or another month altogether? It’s worth digging into the online portion of your tax services. See what’s secure, what isn’t, and where the organisation you deal with could perhaps stand to make some improvements.

Scammers are out there making big bucks, and they don’t care who gets crushed in their dash for cash. It’s inevitable that plenty more groups are gearing up for tax time in the few weeks’ quiet before the storm. Start laying down some plans and ground-rules now.

It’s just possible you may help keep both yourself and others safe when the scam wave breaks.

The post Get a head start on defending against tax scams appeared first on Malwarebytes Labs.