Tag Archives: Phishing

The Dirty Dozen tax scams: Identity theft, phone scams and phishing schemes, oh my!

Scammers target taxpayers as they prepare their tax returns or hire someone to do so.

Scammers target taxpayers as they prepare their tax returns or hire someone to do so.

It’s that time of the year again – tax season is upon us.

Recently, the Internal Revenue Service wrapped up its annual “Dirty Dozen” list of tax scams. This year, identity theft topped the list, but phone scams and phishing schemes also deserve special mentions. It’s important that taxpayers guard against ploys to steal their personal information, scam them out of money or talk them into engaging in questionable behavior with their taxes. While discussing the topic of tax scams, IRS Commissioner John Koskinen said:

“We are working hard to protect taxpayers from identity theft and other scams this filing season. . .Taxpayers have rights and should not be frightened into providing personal information or money to someone over the phone or in an email. We urge taxpayers to help protect themselves from scams — old and new.”

In addition to releasing the “Dirty Dozen” list, the IRS has also renewed a consumer alert for email schemes. This renewal came after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season.

We encourage taxpayers to review the list in a special section on IRS.gov and be on the lookout for the many different forms of tax scams. Many of these con games peak during filing season as people prepare their tax returns or hire someone to do so.

Taking a closer look at this year’s “Dirty Dozen” scams

Here‘s what you should keep your eyes open for throughout this tax season:

Identity theft: Taxpayers need to watch out for identity theft — especially around tax time. The IRS continues to aggressively pursue the criminals that file fraudulent returns using someone else’s Social Security number. Though the agency is making progress on this front, taxpayers still need to be extremely careful and do everything they can to avoid being victimized.

Phone scams: Phone calls from criminals impersonating IRS agents remain an ongoing threat to taxpayers. The IRS has seen a surge of these phone scams in recent years as scam artists threaten taxpayers with police arrest, deportation and license revocation, among other things.

Phishing: Taxpayers need to be on guard against fake emails or websites looking to steal personal information. The IRS will never send taxpayers an email about a bill or refund out of the blue, so don’t click on one claiming to be from the IRS.

Return preparer fraud: Be on the lookout for unscrupulous return preparers. The vast majority of tax professionals provide honest high-quality service, but there are some dishonest preparers who set up shop each filing season to perpetrate refund fraud, identity theft and other scams that hurt taxpayers.

Offshore tax avoidance: The recent string of successful enforcement actions against offshore tax cheats and the financial organizations that help them shows that it’s a bad bet to hide money and income offshore. Taxpayers are best served by coming in voluntarily and getting caught up on their tax-filing responsibilities.

Inflated refund claims: Be wary of anyone who asks taxpayers to sign a blank return, promises a big refund before looking at their records, or charges fees based on a percentage of the refund. Scam artists use flyers, ads, phony store fronts and word of mouth via trusted community groups to find victims.

Fake charities: Be on guard against groups masquerading as charitable organizations to attract donations from unsuspecting contributors. Contributors should take a few extra minutes to ensure their hard-earned money goes to legitimate and currently eligible charities.

Falsely padding deductions on returns: Taxpayers should avoid the temptation of falsely inflating deductions or expenses on their returns to under pay what they owe or possibly receive larger refunds.

Excessive claims for business credits: Avoid improperly claiming the fuel tax credit, a tax benefit generally not available to most taxpayers. The credit is generally limited to off-highway business use, including use in farming. Taxpayers should also avoid misuse of the research credit.

Falsifying income to claim credits: Don’t invent income to wrongly qualify for tax credits, such as the Earned Income Tax Credit. Taxpayers are sometimes talked into doing this by scam artists. This scam can lead to taxpayers facing big bills to pay back taxes, interest and penalties and in some cases, criminal prosecution.

Abusive tax shelters: Don’t use abusive tax structures to avoid paying taxes. The vast majority of taxpayers pay their fair share, and everyone should be on the lookout for people peddling tax shelters that sound too good to be true. When in doubt, taxpayers should seek an independent opinion regarding complex products they are offered.

Frivolous tax arguments: Don’t use frivolous tax arguments in an effort to avoid paying tax. Promoters of frivolous schemes encourage taxpayers to make unreasonable and outlandish claims even though they are wrong and have been repeatedly thrown out of court. The penalty for filing a frivolous tax return is $5,000.

Proceed with caution while filing taxes

Perpetrators of illegal scams can face significant penalties and interest and possible criminal prosecution. IRS Criminal Investigation works closely with the Department of Justice to shut down scams and prosecute the criminals behind them. Taxpayers should remember that they are legally responsible for what is on their tax return even if it is prepared by someone else. Be sure the preparer is up to the task.

For more information about tax scams, check out the IRS on YouTube.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Top 10 Phishing Emails to look out for this Holiday Shopping Season

Black Friday and Cyber Monday are huge shopping occasions, not only in the US but across the world. Last year it was reported that the US spending over Thanksgiving reached an all time high with $89 billion being spent online.

Email campaigns offering deals and discounts are commonplace these days and every week retailers try to tempt me with discounts in an attempt to generate online sales. This dynamic method of communicating means that offers can be targeted based on my purchase history and the preferences I may have shared with the retailer.

On my shopping list this year are things I’ve been holding back purchasing in anticipation of discounts and offers that will surely land in my inbox, or that I might able to find online. One of them is a new laptop for my son.

But there’s also a dark side to some email that arrives in inboxes. Cybercriminals know that we get excited by deals and offers, or need to maintain our online payment methods, and they use this knowledge in an attempt to scam us. Most of us think of this as spam and just delete it, but sometimes it is difficult to identify the real emails from the fake ones.

Recently, I asked our research team which organizations in the US are being impersonated the most in emails. Specifically the ones used in “phishing” emails that attempt to gain access to your accounts, or trick you into providing your credentials so they can steal your hard earned cash.

The list below is compiled by AVG’s Web Threats Team from anonymous data from more than 200 million users and our own spam honeypot system.

  1. American Express
  2. Apple
  3. Bank of America
  4. Chase Bank
  5. Ebay
  6. FedEx, UPS, DHL
  7. Intuit (Taxes)
  8. Paypal
  9. Wells Fargo
  10. Westpac Bank

If you live outside the US then your list will look fairly similar with local banks from your country taking the place of the US banks in this list.

Checking my inbox from last week I count six emails that look like they are from Paypal, inspecting the emails closely I find that two of them are fraudulent phishing emails, both trying to get my login and password.

 

PayPal scam

 

The email looks and feels as though it came from Paypal, but there are some clues that point to its true nature.

 

  • If your email provider or security product, such AVG Internet Security, marked the email as Junk or Spam, then there is a very high probability that it is.
  • Look at the email address that sent the email, does it look correct? The address may include other parts for example [email protected] would be a legitimate address but if the address is [email protected], then this would be incorrect as it needs to be paypal.com on the last part of the address.
  • In the example you can see its asking for incomplete account details to be submitted, I know my account is up to date so why are they asking such questions.
  • Has the email got the mandatory elements that companies need to use, registered office details, unsubscribe options, etc.
  • If you have clicked on it, and you shouldn’t if any of the above are true, then check the URL in the address bar, is the address https://www.paypal.com, is the padlock there and does part of the address go green to show that the site has a valid digital certificate. If no to any of these then close the browser.

If at any point you think the email is spam and fraudulent then do not open or click on any links, just delete the email. Opening the email will download the content which the cybercriminals mark so that they know the email was opened and that your email account is active, they will send you more!

If you did click the link and you have up to date anti-virus software, such as AVG AntiVirus FREE, or AVG AntiVirus FREE for Android, then you should see a detection screen like the one below or your browser may also show a warning screen.

phishing warning

phishing detected

What do you do if you think the email was real and have not clicked or opened it, that’s an easy one. Open your browser and go to paypal.com and login. I am sure if there is important account information they need they will ask for it when you login.

It’s important to have updated Anti-Virus software, as these types of attacks use websites that change and disappear in minutes to try and hide from detection. Having up to date security software gives you the best possible chance of being protected.

All this should not put you off finding that great deal or bargain online, but I hope these tips help you check what you click on or open and visually check it looks real. I know I will be looking for that deal this week and will be delighted if I find it online so I don’t need to join the crowds in store.

 

‘Tis the Season to Shop Online

The holiday season is coming up and we expect that many will opt to shop online to avoid the big crowds in city centers, malls and stores. 

In America, Cyber Monday, the cyber version of shopping day Black Friday, was born in the mid 2000s. Cyber Monday sales have steadily increased since its inception and according to IBM Digital Analytics, sales grew 8.5% in 2014. According to ComScore, purchases are now also being made from smartphones with overall spending from mobile devices in the millions.

Americans aren’t the only ones who have embraced Cyber Monday, many other retailers around the world have come together to offer deals on the Monday after U.S. Thanksgiving and in China, Singles’ Day (November 11th) has become a major ecommerce day with 27,000 online merchants participating in 2014

via v3.co.uk

via v3.co.uk

This is not only an exciting time for online retailers and online shoppers but also for cyber criminals. I spoke with our senior malware analyst, Jaromír Hořejší about how cybercriminals are preparing for Cyber Monday:

Cybercriminals will use the same tactics they always do, but target consumers more during Black Friday with “special” offers via fake email campaigns to trick people into shopping on fraudulent sites to steal their information and money.

It is, therefore, vital you have antivirus installed on all of your devices. Antivirus software, like Avast, will detect and block phishing attacks before they can affect consumers.

Consumers should also make sure all of the software on their devices is up-to-date. Attackers often exploit vulnerabilities, which can be found in outdated software and by exploiting outdated software they can infect your device to then steal your financial information while you shop online.

In addition, consumers should shop at online stores that are known and credible. Credible sites usually use the HTTPS protocol, assuring secure communication. You can recognize if a site is using the HTTPS protocol by the little padlock in the address bar of your browser. If you are on a check out page and you don’t see the HTTPS padlock, do not enter your personal data and financial information!

How to minimize risks while shopping online

  • Use a payment service or your credit card – Experts agree that payment services like PayPal are safe because of their security practices and the encryption technology they use. Link it to a credit card so you get your credit card’s fraud protections in addition to PayPal’s. If you only use a credit card, designate one card for online purchases so if something unusual happens, you don’t have to track down all your other cards.
  • Keep a paper trail – Once you place your order, print or save records of the transaction. Check your credit card statement to make sure transactions match and there were no unauthorized charges.
  • Avoid shopping while using public Wi-Fi – Unsecure public Wi-Fi hotspots do not give you any protection from hackers who want to monitor what you are doing online. It’s not difficult for someone to intercept and modify communications between you and another site. If you have to do it, then use a Virtual Private Network (VPN) so your communications will be encrypted.
  • Use a secure browser – the new premium versions of Avast 2016 include SafeZone browser, which isolates banking and payment sites in a protected space, so users have an extra secure place to bank and pay bills online.

 Follow Avast on Facebook and Twitter  for more security tips, news, and trends.