Tax return email attacks set to spike in advance of May filing deadline

Malicious emails set to peak very soon

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Email attacks related tofederal taxesare likely to hit a peak in advance of the extended May 17 deadline, new research has claimed.

Security firm Abnormal Security has used its analysis of historical data combined with their own attack detection processes to pinpoint the expected spike inmalicious emailactivity - and it’s coming soon.

So far this yeartax-related attackshave followed a similar trend pattern to 2020, taking a dip after the extension announcement (59% in 2020, and 60% in 2021). Attack volume then ramps up again in the lead up to the new deadline, increasing 122% last year 10 days before the government’s revised deadline.

Unsurprisingly, the volume of malicious email begins to grow early on in March as individuals finalise theiraccountsand get their tax filing documents in order prior to filing theirtax return. For 2021, this was followed by a significant upturn in malicious email activity after the government’s decision to extend the Marchtax-filing deadlinein the wake of the coronavirus pandemic.

Tax refunds

According to Abnormal Security’s findings, the attacks follow similar themes and patterns. More than 60% of malicioustax-related attacks were targeted attempts to carry out credential phishing. Along with trying to get hold of personal details, which is still the most common practice, criminals are also peppering emails withmalwareand using electronic messages for reconnaissance andscam attacks.

Common themes used by fraudsters include flagging the status of a user’stax refund, outlining additional tax credits or attempting to raise issues with returns that have already been filed. On top of that, criminals are also posing as or ‘spoofing’ tax collection agencies in a bid to dupe individuals into sharing theirtax-related IDinformation.

While nearly 100% of attacks have targeted individual mailboxes rather than group mailboxes, the research also highlighted that tax-related email attacks more commonly single out VIP employees than non-tax-related email attacks.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Indeed, the research also flagged up how a number of their examples indicated that attackers were impersonating internal resources and employees in a bid to secure valuabletax-related informationthat could be used for criminal activity.

Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he’s been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom’s Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he’s not working he’s usually out and about on one of numerous e-bikes in his collection.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

5 must-have Android apps