When scammers want to impersonate a government agency in an email phishing scheme, they are most likely to use the IRS.
This is according to data from cybersecurity company
In many types of phishing attacks, the scammer will open communications with a potential mark by claiming to be from a legitimate organization, and ask them to click an email link that will either take them to a website that pulls them deeper into the deception, or installs malware on the victim's computer. These links will usually seem like they're coming from a legitimate organization, but with key misspellings meant to deceive, such as a lowercase 'l' in place of an 'I'. The links may also have a different domain, such as .com when it should be .org or .gov.
In terms of how often an entity is impersonated in such schemes, the IRS ranks No. 6 out of 50. While other government entities are also impersonated with some frequency, such as the National Police Agency of Japan, none of the others comes close to the IRS. The only entities, public or private, that ranked above the IRS were Meta (Facebook's parent company), DHL, Microsoft, PayPal and AT&T.
Rank | Brand | Sample domain used to phish brand[1] |
---|---|---|
"Phishing attacks prey on our trust in the brands we love and use everyday, and are becoming more difficult to spot for even the most digitally-savvy person," said Matthew Prince, co-founder and CEO, Cloudflare, in a statement. "Our sanity, bank accounts and passwords shouldn't be compromised because we glossed over a misspelled 'from' field or accidentally clicked on an obscure URL. We've extended our Zero Trust services with real-time protection against new phishing sites, so our customers won't fall victim to attacks leveraging the brands they trust."
Another group well aware of how often scammers impersonate the IRS is the IRS itself, which frequently warns taxpayers about new threats. Most recently it warned of a new scheme circulating on social media that encourages people to use tax software to manually fill out
One variation involves people using
A similar variation involves people making up fictional employees employed in their household and using