EXECUTIVE SUMMARY:

In the US, attackers usually try to take advantage of tax season to distribute malware and ransomware. This year might be the most vicious year on record.

In November of 2019, cyber security researchers discovered a spoofed version of the IRS’ website. At the time, the site targeted more than 100,000 individuals.

More recently, security researchers came across a phony version of Form 1040, a standard-issue tax form filed by residents in the United States during tax season. The researchers found that the PDF document was called “2018 1040 Tax Forms5.pdf.” Individuals who opened the form saw that it was in a Google Drive document, making it appear at least somewhat credible. It’s unclear as to how many people have fallen victim to this scam.

For its part, the IRS says that “…it is actively working on combating scam artists, and is prioritizing investigations into those who prey on vulnerable taxpayers,” reports National Public Radio (NPR).

On an annual basis, the IRS publishes a list of the most common emerging tax scams. In case you’re curious about the top threats, access the IRS list here.