Tax scammers are exploiting the current political divide and resurrecting old websites to lure in potential victims, according to a new report.
The
"Due to successful evasion techniques used by these cybercriminals, old websites with good reputations and rankings on search engines garner a sense of legitimacy among the targeted audience," said the report. "Since security analysts generally warn people interacting with recently registered websites, old websites remain off the radar."
Those include several websites registered using freely available platforms such as the venerable blogging service Blogspot. The fraudulent sites feature alleged "warnings" from the Internal Revenue Service about impending deadlines, but have giveaways such as misspellings and odd use of capital letters. BforeAI's threat research team noticed that some of the old domains were re-registered last December right before tax season.
Scammers are also taking advantage of the current political climate in the U.S., launching websites mentioning President Donald Trump with tax-related keywords to entice users to their alleged services. One site used the keyword "trump" with "tax refund" while also offering a tax calculator. The BforeAI team also noticed cybercriminals exploiting the cryptocurrency arena through meme coin scams, including a "NoTax Coin" featuring Trump, who has launched memecoins of his own that have led to
The threat researchers spotted a new tax-related service in which recently established businesses are leveraging the "gov" keyword to mislead people in search of legitimate government services. One website previously advertised a service to claim up to $32,000 in just 20 minutes, but now features an affiliate referral link and promotes a completely new business offering.
The BforeAI team also observed the use of the IRS logo to make fraudulent websites mimic the official IRS website, but with the use of different fonts and colors creating a confusing, unclear target. One such site featured the official IRS logo but was in the Russian language and is probably targeting Russian nationals.
Some websites showed statements of tax payments, perhaps in an effort to lure victims into checking their statements and thereby sharing their financial data. The team also saw various phishing attempts featuring fake login and signup forms requiring users to authenticate their identities via ID.me, Google or their social media accounts.
"As we fulfill our tax obligations this season, be on the lookout for tax-related traps laid by cybercriminals," warned the report.
