![](\"https:\/\/media.wired.com\/photos\/5ca266d84a091a63bdaf19c4\/master\/pass\/phishingtax-01.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Louise Matsakis| Date: Thu, 04 Apr 2019 10:00:00 +0000<\/strong><\/p>\n The Internal Revenue <\/span>Service has warned<\/a> taxpayers for years to be wary of online phishing<\/a>, where people impersonate the agency using fake emails, text messages, or websites in order to steal your personal information. Last month, phishing topped<\/a> the agency\u2019s \u201cdirty dozen\u201d list of most prevalent scams.<\/p>\n But online scammers do more than masquerade as the IRS. Some have created fake versions of online accounting tools like QuickBooks, while others pretend to be tech support agents. The cybersecurity firm Lookout discovered more than 100 websites registered in recent months that appear designed to dupe people trying to file their taxes. The domains target a large pool of potential victims: More than 135 million Americans filed their taxes electronically<\/a> last year, according to the IRS.<\/p>\n Lookout discovered that tax scammers start early: Dozens of these websites were created in December, right around the time people begin receiving their W-2 forms. (Some of the sites also targeted victims in the United Kingdom.) Many of the domains appear designed to steal login credentials or personal information like passport numbers. Other varieties coax people to download malicious software.<\/p>\n One of the most basic scams Lookout uncovered are sites that impersonate accounting tools from the company Intuit, which makes popular software like Quickbooks and TurboTax. These sites often use domain names that are very similar to the real ones, like \u201cquickbooksltd.com\u201d or \u201caccounts-quickbooks.com.\u201d The domains are often engineered to steal users\u2019 login credentials for the legitimate sites.<\/p>\n Lookout also found a breed of sites that appear to retrofit a classic online scam for tax season: pretending to be tech support. Tax software isn\u2019t something most people use on a regular basis, so it makes sense that many users look for help navigating it. Unfortunately, scam websites like \u201cquickebooksupport.com\u201d and \u201cquickbooks-helpline.com\u201d are waiting for them. \u201cThe mode of attack is an SEO optimization thing,\u201d says Jeremy Richards, a security intelligence researcher at Lookout, meaning the scams try to snag people who are searching sites like Google or Bing for help.<\/p>\n At the 1-800 numbers listed on these sites, people posing as \u201csupport\u201d technicians often ask for remote access to victims\u2019 computers in order to steal sensitive personal information. Other schemes use the numbers to sell bogus, unnecessary software. Similar sites have been built<\/a> to impersonate Apple support technicians, and the podcast Reply All did a deep dive<\/a> on comparable tech support fraud in 2017.<\/p>\n Richards also discovered over 50 tax-related domains that appeared to be part of the same malicious advertising network. It\u2019s not clear exactly how the scam works, but once on the site, users would be directed to download malware disguised as things like software updates. The group of sites may represent a clever way for phishing scammers to dupe you, even if they can\u2019t obtain your login credentials or personal information.<\/p>\n In general, Richards says, phishing websites redirect you to Google if you don\u2019t land on the right phishing trap, or they present a 404 error<\/a>. \u201cBut now they\u2019re redirecting to some way that they can monetize,\u201d he explains. Didn\u2019t hand over your login credentials? Here, have a malicious Flash update<\/a> instead.<\/p>\n To find these tax scams, Lookout used an AI tool<\/a> built in 2017 that monitors internet infrastructure organizations\u2014like companies that offer free web hosting\u2014for suspicious-looking domains. Lookout finds thousands of potential new phishing sites each day, and regularly alerts companies whose websites scammers are trying to mimic.<\/p>\n But because the tool only watches for websites, it can\u2019t provide a full picture of how every tax scam works. For example, if a scammer sends an email asking you to click on a bogus IRS link, Lookout can detect the domain, but not the email itself. It\u2019s like \u201cwe see blood on the floor but we don\u2019t know where the knife is,\u201d Richards says.<\/p>\n Lookout\u2019s research only represents a small slice of the total number of tax scams out there this year. Other recently reported scams<\/a> involve using social media to target users with misinformation about phony tax breaks to obtain their personal information. But the websites show scammers are evolving, and indicate that phishing<\/a> is still a serious threat. There's still more to be learned about how many of these scams operate, but in the meantime there are simple ways to stay safe<\/a>.<\/p>\n The IRS says<\/a> it typically contacts citizens first by mail, not via email. If you haven\u2019t received a paper letter, it\u2019s unlikely that any electronic communication claiming to be from the agency is real. Legitimate tech support agents also don\u2019t need to see your screen or obtain your login information in order to help you. And it\u2019s always a good idea to use a password manager<\/a> instead of reusing the same password across multiple accounts.<\/p>\n