Code Background
Blog General Infosec

Nothing is Certain but Death and Taxes…and Phishing Scams?

NOTE: Iris Detect has supplanted PhishEye, with dramatically expanded capabilities. Please explore Detect for your brand protection, anti-fraud, and spoof infrastructure analysis needs.

New Survey Reveals Over Half Of Americans Plan To File Taxes Online Despite The Increased Risk Of Phishing Scams

April 15 has long been dreaded as the deadline to pay income taxes in the United States. In the past couple of years, tax season has had another reason to be feared – tax scams. With the filing routine shifting from analog to online paired with the rise in savvy hackers looking for their next target, consumers are more prone than ever to tax-specific cyber scams. This is mostly due to consumers’ propensity to share private information and financial details, such as social security numbers, addresses, and banking numbers, into databases. According to the IRS, the number of taxpayer victims jumped from a few hundred to several thousand in just days already this year.

To take a deeper dive into what makes tax season so opportune for scammers, we surveyed over 1,000 U.S. consumers to get a sense of their tax filing tendencies and the overall awareness of the potential cyber risk they may encounter when doing their duty as law-abiding citizens. The results show that despite the increase risk of online tax scams, over half of U.S. consumers file taxes online. What’s more, the IRS’s early warning for online tax fraud in February 2018 was unbeknownst to 73 percent of consumers polled.



Contrary to popular belief, your grandparents aren’t actually more susceptible to clicking on a bad link. In fact, our survey revealed that from Gen Z to Millennials and Baby Boomers—age has nothing to do with the likelihood of being scammed during tax season. When asked about tax-related scams, one in five consumers admit they have clicked on a bad link they initially presumed was shared by their trusty tax company or the IRS. Of this portion, 13 percent unfortunately had their identity or tax refund stolen or their personal information compromised.





While nearly all (94%) who file online are very or somewhat aware of phishing scams, only half (54%) are closely monitoring emails ostensibly from the IRS and their preferred tax services to determine if the messages are legitimate. The other 46 percent pay little to no attention to the legitimacy of tax-themed emails.




TurboTax is by far the preferred service of online tax filers, with 72 percent of respondents having used the service at least once. In response to this overwhelming preference, DomainTools’ researchers were curious to see if scammers had caught wind of where consumers most frequently go to file online. With the help of PhishEye, we uncovered a number of domains that disguise themselves as TurboTax, further validating that scammers are actively looking to prey on unsuspecting online tax filers this year.




With online tax scams on the rise, we asked consumers how they are planning to mitigate these risks this year. One way 15 percent of consumers are eliminating risk altogether: opting out of online filing.



While reverting to pen and paper automatically removes the risk of falling victim to tax-specific phishing scams, the reality is we live in a convenience-based world, and as a result need to exercise hyper-vigilant online behaviors no matter our online activity.

As online tax filers take to their screens before the April 15 deadline, below are a few tips to help steer clear of scammers and their tricky schemes this tax season:

  1. Research: Routinely check the IRS website for the latest warnings and research on new scams.
  2. Review: “Phishy” links such as the TurboTax examples above become more apparent the closer you review them. Take the time to look at the URL used in an email (purportedly from the IRS or your tax provider) for any strange affixes, or additions to the domain. It is important to note that the IRS does not use email to initiate contact with taxpayers to solicit personal information.
  3. Reroute: If you see a link from the IRS or tax provider in your email or on social media and you aren’t sure it’s legitimate, do not click on it. Instead, go directly to the official website of your tax service provider.