While no one really enjoys paying tax, everyone loves a rebate. However, as the US tax season gets underway in earnest, cyber crooks are using client data stolen from accountancy firms to claim bogus tax refunds. Once the Internal Revenue Service has paid back the money, the hackers pose as debt collection agents to demand the return of the erroneously-paid rebate – threatening the victim of the scam with punitive measures if they fail to comply.
The hackers are employing increasingly sophisticated techniques to appear bona fide to both the IRS and the target businesses, initially using the authentic client data harvested from tax advisers to fool the Revenue. They then direct their victim companies to an authentic-looking phoney website; again quoting the genuine transaction details, Social Security numbers and banking credentials. The target is even assigned a specific debt collector with supporting personal information. Correspondence carrying an IRS letterhead then demands repayment of the rebate into the scammers’ bank account.
Anyone receiving an unexpected tax gift horse should look it carefully in the mouth.