It’s the end of the year again (already!), and as usual, there are lots of scams out there having to do with the holidays and tax time. Cybercriminals use such scams every year because they work. People are busy trying to shop and get ready for the holidays, and often become a little frazzled and careless. Prepping for tax time often just adds to these burdens. A perfect time to pull a scam! Here are a couple that were in the news this week.
This one was in Security News, and this is the gist: “Experts Urge Users to Ignore Facebook Christmas Bonus Scam. Identity theft experts are warning Facebook users to be on the lookout for a “Christmas bonus” scam which appears to be endorsed by their friends on the social network. Variations on these scams appear to have been circulating on Facebook since at least 2015. Most recently, users are being targeted by messages claiming to offer them a “Christmas bonus” or “Christmas benefit,” according to the non-profit Identity Theft Resource Center (ITRC). …Although there are variations on this theme, the bottom line is that the scammers want either victims’ personal information or their money, or both. They will usually ask for personal details in order to process the ‘bonus.’ They may also ask for a small ‘transfer fee’ in order to wire the winnings into the victim’s bank account”. Social media: always a ripe venue for scamming.
This is another one that was in Security News about a fraudulent IRS form. Here is a sample: “New IRS Form Fraud Campaign Targets G Suite Users. A new scam using an IRS form as its mechanism has been found targeting users of Google’s G Suite, with as many as 50,000 executives and “important” employees affected so far. The campaign, discovered and reported by researchers at Abnormal Security, claims to contain an IRS W-8BEN form in PDF format. The attached form asks for far more personal information than required on the actual W-8BEN, which is the form needed to maintain a nonresident tax-exemption status. While there is no malware payload attached to the email, providing all the requested information would give the attacker’s a treasure trove of personal info that could be used for identity theft and other fraud.”
Watch out for these and other scams like them. Never trust that simply because a website or document looks legitimate it really is. Smoke, mirrors and misdirection updated for the age of cybercrime!