x
Breaking News
More () »

Cybersecurity experts warn about an increase in tax scams ahead of July 15 filing deadline

People have been given three extra months to file their taxes. Hackers have been given a larger window to scam those who are most vulnerable.

HARRISBURG, Pa. — The new deadline to file your taxes is quickly approaching. Due to COVID-19, the IRS extended tax day to July 15. Cybersecurity experts warn that scammers are targeting people using the tax filing extension. 

Researchers with Check Point Software Technologies Ltd., a California-based cyber security company, identified a recent tax scam impersonating the IRS with a fraudulent 1040 form to steal users’ personal credentials and financial information.

The fraudulent form was uploaded to Google Drive and emailed out to unsuspecting victims. Maya Levine, cloud security engineer at Check Point, said the document contained a link that mimicked a Microsoft OneDrive login page.

RELATED: Department of Revenue offering assistance to tax filers ahead of deadline

“But that was a fake page,” explained Levine. “It was a completely illegitimate page and then when the victims would log in to Microsoft OneDrive with their credentials, thinking they were actually logging in to the real service, they would be sending the hacker their login credentials.”

Armed with your credentials, hackers try to access personal data, including your bank and tax accounts. The IRS is warning taxpayers about a surge in email and phishing scams trying to exploit the tax deadline extension.

RELATED: FOX43 Finds Out: what happens if you throw away your EIP debit card?

By February, the IRS had already detected about $135.6 million in tax refund fraud, a 751-percent increase from the same period last filing season, according to a report from the U.S. Treasury Inspector General for Tax Administration.

Levine said this latest tax scam came with a “phishing kit,” which is a collection of software tools that makes it easy for people with little or no technical skills to launch a phishing exploit of their own. Essentially, it’s a how-to for wannabe hackers.

“It’s unfortunate because it enables people who don’t really have those technical abilities to still commit these cyber crimes,” she said.

Cyber security experts recommend changing your account passwords every three to six months and urge people to do their research before clicking on emailed links.

“Instead, go to Google and type in where you’re trying to go and go there from the legitimate website,” Levine added. “That’s your way of knowing that for sure you are not clicking on a fake website.”

The IRS reminds taxpayers they will never contact you by phone, email or text. Call them old-fashioned, but the agency sticks with the United States Postal Service. For people who are facing hardships who cannot pay in full, the IRS has several options on their website.

Before You Leave, Check This Out