Think before you click - preventing tax scammer attacks

Stefanie Ellis
By Stefanie Ellis

antifraud | antiphishing | tax scams

Most of us look at our payslips and bemoan the amount the government takes from our wages, but we also understand that the money helps fund public services.

So imagine receiving an email from a government tax collector informing you that you’re entitled to a tax refund – or that you haven’t paid enough and need to do so immediately to avoid legal action. Either will likely elicit a dramatic response, and you might not stop to think before replying.

Fraudsters can use predictable responses to their advantage in phishing scams that hack personal and payment information. As the UK deadline for tax returns has recently passed, it would not be totally unexpected to receive such an email. However, it is worth noting that no matter how genuine the sender’s email address may seem, HMRC will never send notifications by email about tax rebates or refunds.

In 2017-18, HMRC received 771,227 reports of tax refund and rebate scams and this looks unlikely to decrease, as it can be a very effective way for fraudsters to get access to personal information. Indeed, as a report by Verizon into data breach investigations has shown, nearly one in four (23%) people open phishing emails.

Tax professionals fall prey, too

However, it’s not only the individual tax payer who is at risk. The problem is widespread and can affect both individuals and businesses.

Fraudsters and scammers are actively targeting tax professionals in a bid to gain access to their client’s details. Originally highlighted by the U.S. Internal Revenue Service (IRS), phishing emails impersonating important software update notices are designed to get into a system and steal large amounts of data in a single attack.

In 2018, the IRS noted a 60% increase in bogus email schemes that sought to steal money or tax data, and, as the U.S is currently entrenched in the yearly tax season, the threat of business email compromise (BEC) scams could be even higher than usual. These emails often target human resources or payroll managers to specifically request employee W-2 files, which not only disclose individuals wage details, but their social security numbers and addresses as well.

Stay vigilant

Both the IRS and HMRC offer comprehensive services and advice to check and report phishing attempts and scams. However, there are steps that employers can also take to protect their employee and client data.

MarkMonitor has a portfolio of anti-phishing solutions which protect a business by preventing, detecting and mitigating threats. Nevertheless, employees must also understand that they are the first line of defence against fraudsters and they should carry out substantial checks before divulging confidential information about themselves or other employees.

HMRC advises reporting phishing email scams here and the IRS recommends organisations receiving W-2 scams to contact both the IRS at with the subject line “W2 Scam” and the FBI’s Internet Crime Complaint Center (IC3).

antifraud, antiphishing, tax scams


Related Post

Stefanie Wood Ellis 5 min read 03 Mar, 2020

Prepare to be Scammed: How People Can Make the Difference

The year 2020 came in with a bang and it hasn’t let up yet. From the UK’s Brexit...

antifraud, phishing

Stefanie Ellis 2 min read 10 Oct, 2019

Deep diving into the dark web

Much of our perception of the dark web is limited to what we see on TV — a hub for...

dark web, Deep Web,

Stefanie Ellis 1 min read 10 Oct, 2019

Off the hook: Fighting back against phishing

In today’s evolving cyber landscape, it’s not enough to just deal with attacks.

Featured, antifraud

Get All News Updated to your inbox