What do tax scams in the US tell us about identity protection this financial year?


Coming up to the end of the financial year, people all around Australia will be busy filing their tax returns and making sure that their books are balanced and everything is swimming along nicely.

Because of this, tax scammers are rife around the world right now - and the scams affecting citizens in the US should highlight to Australians a few invaluable lessons about what to look out for. It could be something as (potentially) obvious as a false email from the Australian Taxation Office (ATO), or other misleading emails asking for proof of identity(1).

There are many ways that citizens of this beautiful country can stay safe this tax season, and all it takes is a little care.

What scams are currently out there?

According to a Symantec report, there are four tax scams currently being seen in the US. The first claims that a user's account or tax number has been locked and restricted(1). A fake email is sent that includes the Internal Revenue Service (IRS) logo and it all appears very convincing - as most phishing scams do. The idea of the email is to get the recipient to click on a link that takes them to another convincing website, where they are encouraged to enter their details and other sensitive information(1). Once a user has done this, their data is in the hands of a hacker, who can either use it for their own purposes or sell it on to someone in an underground web forum.

Another issue affecting the US taxation season is an email that includes a malicious download(1). The user is informed that they owed the IRS money and that a deduction was taken from their account, with an attached receipt that they are prompted to download(1). The link is actually a piece of malware called W32.Golroted, which is a worm that steals data and copies itself to removable devices such as hard drives and mobile phones(2).

The third scam involves another IRS email, this time informing the reader that they are actually eligible for a tax return, so long as they provide proof of identity(1). This might be a full copy of your passport, driver's licence, bank statement or utilities bill(1). A hacker can sell a fake passport for up to $4,500 according to Havocscope(3). Hackers, in turn, have to do very little work to obtain the information if people aren't careful about phishing scams, which makes the threat even more real.

The last scam reported by Symantec involves something similar to the second one, where the false IRS website that users are directed to asks for updated personal information(1). In these situations, all the scammer has to do is sit and wait once the website has been set up - there's almost no waiting time either, as people are rushing to make sure their taxation details are correct so they aren't stung with fines or deductions.

How could Australians be at risk?

The Australian landscape is just as susceptible to being infiltrated by these hackers. The Australian Federal Police report that cybercrime costs Australia as much as $15 billion every year(4). That's a staggering amount for a country with only 24 million inhabitants.

The Australian Crime Commission also highlights the fact that while many people are found guilty every year of tax fraud themselves, identity scams by "highly organised third parties" are becoming an increasing problem(5). Business activity statements and GST claims are two very easy things to fabricate or steal(5), so people should be vigilant about who or what they are giving their personal information to on the internet.

ScamWatch reports that $346,845 has already been lost to phishing scams in Australia through 2016(6), while identity theft comes in behind at $192,746(7). These numbers are far too high considering we are only in May - for the whole of 2015, phishing scams cost the country $363,270(6), and we're already very close to that figure less than halfway through the year.

This figure needs to change - as a country, we need to be better at protecting ourselves and learning how to spot a scam before it affects us. Where personal information is concerned, it can be a real challenge to change data or accounts on which that material is being used. It's a hassle as well, and for the millions of busy Australians that have already been affected, this is a thorn in their sides that they're unfortunately now aware of.

If you suspect that you've been affected by a taxation scam, get in touch with Identity Watch immediately. Our white-hat hackers patrol forums where stolen identity information is exchanged and can inform you if it appears on our radar so that you can take the best course of action to potentially minimise your risk.

1. Symantec Security Response. Four tax scams to watch out for this tax season. Accessed May 2016.

2. Symantec Security Response. W32.Golroted. Accessed May 2016.

3. Havocscope. Average price of stolen passport for sale. Accessed May 2016.

4. Australian Federal Police. Identity Crime. Accessed May 2016.

5. Australian Crime Commission. Frauds. Accessed May 2016.

6. ScamWatch. Phishing. Accessed May 2016.

7. ScamWatch. Identity theft. Accessed May 2016.