In the world of data breaches, phishing scams are some of the easiest to pull off, requiring very little tech know-how, at least compared to something like a retail or hospital data breach. As the name implies, the scammer simply casts the net by sending out mass emails, entices the would-be victim to click a link or otherwise respond, and then the game of stealing identities, money, or both begins.
Fortunately, with the targeted widespread action campaigns by various law enforcement agencies and advocacy groups, the old phishing scams like the infamous Nigerian prince emails are proving less and less successful. On the other hand, scammers have had to turn to more fruitful, nefarious tactics like CEO phishing, spoofing, and outright ransomware.
In the US, nabbing taxpayers’ filing information is big business that leads to billions of dollars a year being paid out to identity thieves by the IRS. Tax return fraud is now a major focus for identity thieves as the payout can be exponentially higher than something like credit card fraud.
The IRS has issued an alert about a new phishing scam that seems to be specifically targeting tax preparers and tax accountants, but where Nigerian prince emails are so ludicrously worded as to almost be humorous, this phishing scam is anything but funny. And with nearly half of US taxpayers relying on a tax preparer of some kind, many of them lower income individuals who already lack the means to fight against fraud, the scam may only prove even more worthwhile for the criminals.
The unfortunate tie-in to software is that the thieves target tax preparers by posing as a contact from a tax prep software company, but that’s where the sophistication stops. The bogus software company email instructs the recipient to download the software from the included link, and once complete, the resulting virus gathers up client data and tax information.