Email attacks related to federal taxes are likely to hit a peak in advance of the extended May 17 deadline, new research has claimed.
Security firm Abnormal Security has used its analysis of historical data combined with its own attack detection processes to pinpoint the expected spike in malicious email activity – and it’s coming soon.
So far this year, tax-related attacks have followed a similar pattern to 2020, taking a dip after the extension announcement (59% in 2020, and 60% in 2021). Attack volume then ramps up again in the lead-up to the new deadline, increasing 122% last year 10 days before the government’s revised deadline.
Unsurprisingly, the volume of malicious email begins to grow early on in March as individuals finalise their accounts and get their tax filing documents in order prior to filing their tax return. For 2021, this was followed by a significant upturn in malicious email activity after the government’s decision to extend the March tax-filing deadline in the wake of the coronavirus pandemic.
According to Abnormal Security’s findings, the attacks follow similar themes and patterns. More than 60% of malicious tax-related attacks were targeted attempts to carry out credential phishing. Along with trying to get hold of personal details, which is still the most common practice, criminals are also peppering emails with malware and using electronic messages for reconnaissance and scam attacks.
Common themes used by fraudsters include flagging the status of a user’s tax refund, outlining additional tax credits or attempting to raise issues with returns that have already been filed. On top of that, criminals are also posing as or ‘spoofing’ tax collection agencies in a bid to dupe individuals into sharing their tax-related ID information.
While nearly 100% of attacks have targeted individual mailboxes rather than group mailboxes, the research also highlighted that tax-related email attacks more commonly single out VIP employees than non-tax-related email attacks.
Indeed, the research also flagged up how a number of its examples indicated that attackers were impersonating internal resources and employees in a bid to secure valuable tax-related information that could be used for criminal activity.