
Attackers Take Advantage of Pandemic Confusion
Threat actors are taking advantage of the confusion surrounding the COVID-19 pandemic by increasing the volume of IRS-related scams. As the country scrambled to adjust to changes brought about the nationwide shut-down, opportunistic attackers timed their attacks to accommodate to new tax deadlines.
According to a report by Abnormal Security, attacks surged in early March 2020, slowing down as the filing deadline was moved to July. Then, predictably, the attacks spiked again the week before the extended deadline.

What to Expect in the Coming Weeks
Reports show that comparing 2020 to 2021, attacks are up 400%. Attackers are becoming more sophisticated, targeting corporate executives as well as government entities. According to Abnormal Security, most attacks are centered around credential theft, followed by malware attacks, scams, and reconnaissance.
SEE ALSO Are You Getting IRS Scam Calls from Area Code 202?
Reported subject lines include:
- [EXT] Claim your free tax credit
- [EXT] Are you a future crypto tax preparer
- Recalculation of Your Tax Refund Payment
- Fw: Accepted tax payment: INTUIT SERVICE NOTICE
Individuals must check the sender on emails twice, as malicious emails have been sent from addresses that reference the IRS in their name. Some emails include details that legitimize them at first glance, such as formal titles, sophisticated composition, and reference or invoice numbers. Many of these emails include malicious .pdf files or “confirmation” links that install malware or trick targets into entering login credentials.
What Can We Do to Protect Ourselves?
As we warned last November when an IRS scam scared victims with a fake overdue Tax Notice:
- The Internal Revenue Service or IRS never initiates contact with taxpayers using email. The agency always sends invoices an initial contact through US Postal Mail (USPS)
- Always scrutinize the contents of any email before clicking on links or downloading an attachment
- Be suspicious of any email that prompts you to act right away. Scare tactics are common. This includes email notifications for login attempts, password resets, locked accounts, and order notifications.
Read our guide on How to Avoid an IRS Tax Scam