Fraudsters Build Up Phishing Repertoire for 2021 Tax Season. Are You Ready?

As millions of US taxpayers prepare for 2021 tax season, hordes of fraudsters and scammers are preparing to rip off residents and non-residents alike. Fraudsters got an early start in anticipation of the buzz surrounding tax filing season, with phishing campaigns impersonating the Internal Revenue Service (IRS) as early as November 25, 2020, according to Bitdefender Antispam Lab.

Spikes in IRS-related phishing scams were noticed on January 19 and 21, when most of the incoming agency-related correspondence was marked as spam.

This warm-up was no coincidence, since the 2020 fiscal year raked in $2.3 billion in tax fraud, according to the agency’s annual report.

Identity thieves used stolen Social Security numbers and other personally identifiable information (PII) to file early tax returns in the name of legitimate taxpayers, or used petty scare tactics to frighten recipients into making immediate payments to avoid arrest or deportation.


Identity thieves use fake W-8BEN Forms to target non-residents once again

Fraudsters are targeting non-residents in the US using a fake version of the W-8BEN Form (Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding and Reporting) to steal sensitive data.

This version of the scam has been spotted over 80,000 times since November 25, 2020, with more noticeable spikes expected to hit inboxes up until the April 15 deadline.

Unlike traditional phishing, which requires recipients to access a spoofed website or download a malicious attachment, scammers have set up a fake fax number where recipients must forward their information. You don’t access a malicious attachment or link. The fake version will tell you to provide particular information not included in the legitimate W-8BEN US tax exemption document, such as your passport number, profession, mother’s maiden name, bank account name and number and investments.


Fake version of the W-8BEN form

The genuine format of the tax exemption document looks like this:


Original W-8BEN form version

shows that it also targets US citizens, who are also asked to return it alongside a copy of their passport within 7 working days.

“If you are a USA Citizen and resident, this W-8BEN Form is not mean for you, please indicate USA Citizen/Resident on the form and return it to us,” the email reads. “We shall then send you a form W9095.” The W9095 form referred to in the body of the email does not exist. It’s merely used to deceive unsuspecting taxpayers.


IRS phishing email sample

Other IRS impersonation scams

Fraudsters have also recycled older versions of IRS impersonation scams by leveraging the Economic Impact Payments issued as part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act.

In one version, targets are sent an email notifying them they are eligible for a second Economic Impact Payment and asked to submit their deposit details. The email also includes an attachment, claiming to outline the necessary steps and information for taxpayers. Once accessed, it will infect the recipient’s device with credential-stealing malware.


IRS coronavirus tax relief scam

A separate phishing email impersonating acting IRS Commissioner Charles P. Rettig attempts to dupe recipients into paying a one-time fee to receive over $10 million in funding.


IRS Commissioner Impersonation scam

How to spot and protect against IRS impersonation scams

Despite multiple awareness campaigns run by the IRS, fraudsters and identity thieves continue to scam taxpayers across the country. You can easily check the validity of IRS-related correspondence by keeping in mind that:

  • The IRS will not ask you for down payments or fees to receive your refunds early
  • The agency will not contact you via electronic mail, text messages or social media to request your personal or financial information
  • IRS agents will not seek out citizens and bully them into paying for expedited tax returns

On top of a dedicated security solution that can protect you against phishing and malware attacks, good cyber hygiene is key to avoid becoming another identity theft statistic this year:

  • Don’t respond to unsolicited correspondence posing as legitimate IRS notifications
  • Never provide banking information, PIN codes or passwords
  • Check the email for spelling and grammar mistakes
  • Do not open attachments or click on embedded links
  • When in doubt, visit the IRS official website for additional information
  • Report any suspicious activity via the dedicated IRS Scam reporting tool