Tax season has officially started! The Internal Revenue Service (IRS) of the US will be accepting tax returns between January 24 and April 18 this year. While this may seem like plenty of time for all the people out there dreading submitting their tax forms, it is probably a good idea to get started now. Filing early denies criminals the opportunity to steal your refund; they can’t steal your refund if the IRS returned it to you already.

Everyone files taxes, so tax-related scams are more likely to succeed due to the sheer number of potential victims. The stress of the approaching deadline and frustration from all the government forms make it easier for people to act in haste, possibly falling for a tax-related fraud.

Return Frauds

Filing taxes early reduces the chances of someone doing it for you; by others, we mean cybercriminals. Cyber attacks and data breaches frequently result in personal information being traded on the underground cybercriminal forums. This of course is not a new phenomenon, in our blog   Tax Fraud In 2020: Down But Not Out, we reported on the various types of tax-related data being sold. Criminals will then take that information, try to file a tax return, and then get the tax refund that’s meant for you. The process is actually not that sophisticated. They take whatever tax information they have and process the return electronically. Sounds nice, right? Someone else doing your taxes. The catch is that the refund is mailed to them as a check instead of going to your bank account. In 2020, the Federal Trade Commission received over 400,000 reports of identity theft used to apply for government documents or benefits, a drastic increase from the 23,000 reported in 2019.

The IRS has tried to circumvent this by implementing various forms of 2-factor authentication (2FA). The IRS tries to prevent fraudulent claims by issuing an Identity Protection PIN (IP PIN) to users as an extra way to verify the tax filer. They also mail a new IP PIN each year to confirmed victims of tax-related identity theft. That is on top of asking for information that only the tax filer should have access to, like the previous year’s adjusted gross income (AGI). However not everyone uses the IP PIN, so not everyone has the same level of protection against identity theft returns. It is simple to get an IP PIN, and users are encouraged to use this method as a means of protecting against identity theft. Video Selfie Screen

The IRS also uses the identity solution, which uses images of a valid government issued photo ID, to verify identity. Previous Photon Research team investigations have uncovered the interesting lengths to which threat actors go to support the identity fraud ecosystem. has several security features to stay one step ahead of the fraudsters; if the tool deems the document to be authentic, it asks for a video selfie to prove that they are the same person as the photo ID. During the recording, the tool flashes a series of colorful lights to make sure the video features a real person and not a photograph. While the tool is not 100% accurate, it makes it more difficult for scammers to file a fraudulent return. Despite all the measures the IRS takes to prevent fraudulent returns, the unfortunate truth is that some still slip through the cracks. That is why criminals are still willing to pay for stolen tax information. 

It may seem daunting to try to prevent fraudulent tax returns. If the IRS can’t stop all of it, then what can you do about it? That brings us back to the original point. If you file your taxes early and have your refund already, no matter how much effort the criminal puts in, they can’t trick the IRS into paying the same refund twice. 

Scams, Scams Everywhere

Besides trying to file fraudulent returns, several other types of fraud activity occurs during tax season. Scammers will try to use threats and a sense of urgency to elicit an emotional response from you. A good example is the CP80 form sent by the IRS. It tells the recipient that they have credit on the account but will lose the credit if they don’t respond. Who in their right mind wants to lose money? To get the credit, they must “Send [their] signed tax return to the address shown above”, luring the recipient into providing sensitive information. 

The good news? Even though the form is legitimate, many recipients were sharp enough to recognize the common techniques used by scammers. But most unexpected correspondence from the IRS won’t be legitimate. Here are some examples of other scams that typically occur during tax season:

  • Ghost Preparers – Pose as tax preparers and use illegal means to increase refund
  • Gift Card Scam – Pose as IRS and demand payment of supposedly owed taxes in gift cards
  • Refund Recalculation Scam – Pose as IRS and asks victims to give away personal information to claim a larger refund
  • Stimulus Payment Scam – Poses as IRS and asks victims to pay a small fee and give away personal information for fake stimulus payment
  • Attack on Organizations – Posing as auditors or executives to request tax documents from human resources and payroll professionals
User of Russian-language cybercriminal forum advertising stolen tax forms
User of Russian-language cybercriminal forum advertising stolen tax forms

Keeping safe during tax season

As a rule of thumb, the IRS only contacts people through physical mail. All the tricks used by scammers involve unsolicited phone calls and emails. They can spoof the caller ID and email address, so even if it seems legitimate, you should stay vigilant for fraudulent requests. We’ve previously issued a blog detailing how to recognise scams sent through phishing emails. 

A surefire way to make sure it’s from the IRS is by looking up the contact number on the IRS website (never use the contact information provided by a potential scammer). Whether you’ll actually get in contact with an IRS rep is a different story, and the lack of customer service and support make it easier for scammers since victims are unable to verify information. The approaching deadline for filing their taxes also adds to the sense of urgency often used by the scammers. As we stated at the start of this blog, it’s important to file your taxes early. 

When you file taxes early, your taxes get processed faster. You block possible attempts by criminals to file a fraudulent attempt in your name. You also save yourself the stress and frustration of long hold times should you need to contact IRS support. Imagine yourself smugly saying, “I got my return already” while people around you complain about doing their tax returns. As Benjamin Franklin once wrote, “[In] this world one thing can be said to be certain, except death and taxes.” You have to file your taxes eventually, so why not do it early this year?

If you’re looking for further advice on staying safe online and minimizing the chances of being stung during this tax season, then look no further. Our proprietary software SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) assists our clients in identifying exposures, alerting in a timely manner, before offering sensible options for remediation. If you’d like to learn more, please sign up for a demo of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) here.