Tax season is a critical time of year, not only for tax authorities but also for cyber criminals who seize the opportunity to launch targeted attacks. Individuals filing their taxes or dealing with tax-related matters become easy targets for attackers seeking to steal personal and financial information.
During tax season, the rise in online fraud and phishing scams presents significant challenges for both individuals and organizations. As cyber criminals exploit tax-related activities to target vulnerable users, it becomes essential to stay informed about the latest tactics and trends. In this post, we explore the emerging threats associated with tax season and offer insights into how businesses and consumers can protect themselves from these growing risks.
HMRC and Tax-related Threats
Since February, Check Point Research (CPR) has tracked dozens of newly registered domains related to the British tax service, His Majesty’s Revenue and Customs (HMRC), with 46% classified as malicious or suspicious. One such domain is hmrcnoticecenter[.]com. Attackers use this domain to attempt phishing schemes, luring users into revealing their personal information.
CPR also identified some additional fraudulent websites that used “HMRC” in their domain names to deceive victims into thinking they were legitimate sites, for example:
- hmrc-tax[.]club
- online-hmrc[.]su
- gb-hmrc[.]com
- contact-hmrc[.]com
Although these sites are now inactive, their purpose was clear: to steal user credentials and personal information.
Additionally, a tax-related phishing campaign using HMRC branding was discovered. The phishing emails appeared to be from “HMRC digital” and attempted to persuade users to click a link that was made to appear related to a legitimate government website (tax[.]service[.]gov[.]uk). However, clicking the link would actually redirect users to a malicious site (currently inactive), compromising their data.
| Field | Email 1 | Email 2 |
| --- | --- | --- |
| Subject | HMRC Electronic Communications: Verify Your Email Address | HMRC: Start receiving tax letters online |
| From | HMRC digital <hmrc@mailserver-govuk[.]com> | “HMRC digital” <supervisor@108h[.]net> |
IRS Phishing Campaign
In the US, CPR detected a phishing campaign impersonating the Internal Revenue Service (IRS). Fraudulent domains like www[.]irstaxrefund[.]online and irs[.]gov[.]irstaxrefund[.]online replicated the official IRS website, using its logo to mislead users into sharing sensitive information. This enabled hackers to steal user data effectively.
How to Protect Yourself
Advanced threat prevention solutions continuously monitor and block fraudulent websites and phishing campaigns. By leveraging AI and machine learning, suspicious activities can be detected in real time, and cyber criminals can be stopped before causing harm. Whether through web filtering, email protection, or cloud security, these measures help ensure you stay safe, especially during high-risk times like tax season.
Tips for Staying Safe
- Always double-check the URL before clicking any link in tax-related emails.
- Be cautious of unsolicited emails asking for personal information.
- Use strong, unique passwords for your tax-related accounts.
- Enable multi-factor authentication wherever possible.
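The URL check in the first tip can be automated. The sketch below is an added example, not CPR's tooling: it classifies the domains and sender addresses quoted in this post by matching the host against official suffixes on a label boundary, which is what defeats names such as irs[.]gov[.]irstaxrefund[.]online. The allow-list, the brand prefixes and the `phish.example` target used in testing are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: suffixes the genuine services use (GOV.UK for HMRC, irs.gov for the IRS).
OFFICIAL_DOMAINS = ("gov.uk", "irs.gov")
# Brand strings the reported lookalike domains lead their labels with.
BRAND_PREFIXES = ("hmrc", "irs", "gov")


def hostname(indicator: str) -> str:
    """Lower-cased host of a URL, bare host or e-mail address (defanged or not)."""
    text = indicator.strip().replace("[.]", ".")
    if "://" not in text and not text.startswith("//"):
        text = "//" + text  # make urlsplit read a bare host as the netloc
    try:
        return (urlsplit(text).hostname or "").rstrip(".")
    except ValueError:
        return ""


def is_official(host: str) -> bool:
    """Match on a label boundary: the host is the domain or ends with '.' + domain."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(indicator: str) -> str:
    host = hostname(indicator)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    # Split on dots and hyphens so 'gb-hmrc' and 'irs.gov.<other>' expose the brand.
    labels = host.replace("-", ".").split(".")
    if any(label.startswith(b) for label in labels for b in BRAND_PREFIXES):
        return "lookalike"
    return "unrelated"


def link_mismatch(display_text: str, href: str) -> bool:
    """True when the visible link text names an official host but the target is not one."""
    return is_official(hostname(display_text)) and not is_official(hostname(href))


if __name__ == "__main__":
    samples = [  # domains and senders quoted on this page, plus two genuine hosts
        "irs[.]gov[.]irstaxrefund[.]online", "www[.]irstaxrefund[.]online",
        "hmrcnoticecenter[.]com", "hmrc@mailserver-govuk[.]com",
        "supervisor@108h[.]net", "https://www.irs.gov/", "tax[.]service[.]gov[.]uk",
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

The second sender address comes back as "unrelated": its domain carries no tax branding at all, so only the display name “HMRC digital” did the impersonating, and a filter has to compare the display name with the sending domain as well.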
As tax season rolls around, stay vigilant. Cyber criminals are always looking for opportunities to exploit taxpayers, but with the right cyber security practices, you can protect yourself from these threats.