Be Aware of Fake Insurance Tax Form Scam
SynopsisThe IRS recently issued a warning to tax professionals and their clients to make them aware of a fake insurance tax form scam being used to access annuity and life insurance accounts.
The scheme combines several tactics, but basically works in the following manner: The cybercriminal impersonates a legitimate cloud-based storage provider and sends out a phishing email to a tax professional. The tax professional provides their email credentials, including username and password. The cybercriminal now has access to the tax professional’s account and steals client email addresses. The cybercriminal then impersonates the tax professional and sends client emails attaching a fake insurance form requesting that the form be completed and returned.
Below is an example of the text of the phishing email:
Dear Life Insurance Policy Owner,
Kindly fill the form attached for your Life insurance or Annuity contract details and fax back to us for processing in order to avoid multiple (sic) tax bill (sic).
The cybercriminal, using information obtained from the completed form, impersonates the client and contacts the individual’s insurance company. The cybercriminal attempts to obtain a loan or make a withdrawal from the individual’s account.
Have You Been a Victim? Take These Action Steps
There are three things a taxpayer can do if they are ever the victim of a phishing scam/tax identity theft:
- Contact the Treasury Inspector General for Tax Administration (TIGTA) to report telephone tax scam calls. Use TIGTA’s IRS Impersonation Scam Reporting web page or call toll-free (800) 366-4484.
- Report scam attempts to the Federal Trade Commission (FTC). Use the online FTC Complaint Assistant.
- Send copies of phishing emails to the IRS at firstname.lastname@example.org.
Phishing scams and tax identity theft schemes are becoming more and more pervasive. Here are a few statistics that put the problem in context:
- 61% of data breach victims are businesses with under 1,000 employees
- 1 in every 131 emails contain malware (the highest rate in 5 years)
- Phishing emails drained nearly $3 billion from companies over the last 3 years
- 9,053,156,308 records have been lost or stolen since 2013, and only 4% of those records were encrypted
- 5,236,065 every day
- 218,169 every hour
- 3,636 every minute
- 61 every second
What Does CohnReznick Think?
Targeted, highly sophisticated attacks similar to the fake insurance tax form scam carried out by cybersecurity criminals are increasing by the day. Considering today’s threat landscape, it is nearly impossible to conceive that any organization or individual will not be affected by a cyber attack or a breach. Hence, a heightened and continual awareness of security is critical in order to proactively identify, detect, and monitor for unusual activities.
Humans are generally considered the weakest link in the cybersecurity chain. However, increased awareness of security measures and adequate employee training and support will ensure that employees consistently and accurately recognize a potential cyber threat and take the appropriate action at the right time in order to prevent a breach.
This has been prepared for informational purposes, is general guidance only and does not constitute legal or professional advice. You should not act upon the information contained in this publication without first obtaining professional advice specific to, among other things, your individual facts, circumstances and jurisdiction. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its partners, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.