Data theft is a year-round, opportunistic crime, but seasonal events often trigger rises in spam and fraud. The most significant such example is tax fraud riding the wave of tax filing season.

It’s That Time of Year Again

Every year, tax filing season, which extends from January to April in the U.S., is one of the most popular opportunities for cybercriminals to perpetrate scam ploys. As soon as January rolls around, the volume of email flooding potential victims with tax return-themed spam begins rising gradually. The most common crimes that ensue are fraudulent tax returns on the consumer side and W-2 fraud on the business side.

Read the IBM X-Force Report: Cybercrime Riding Tax Season Tides

IBM X-Force Takes On Tax Fraud

IBM X-Force researchers looked into the various spam traps for a glimpse into the rise in tax-themed spam, and the numbers are already there. For two of the spam email examples we provided in our report, we saw a 393 percent increase from December 2016 to February 2017. We expect this rise to continue into April 2017 and to see new scam types appear well after the filing deadline passes as people wait for their refund notices to come through.

In this report, we’ll answer the following questions about tax fraud: What kinds of tax records are cybercriminals selling on the Dark Web? What kinds of ploys are they using? What can be facilitated with your information or information stolen from your company?

To learn more about the most current tax season scams targeting consumers and businesses, download our report “Cybercrime Riding Tax Season Tides: Trending Spam and Dark Web Findings.”

More from Fraud Protection

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today