A Familiar Phish Preludes The New Tax Season

Tax season is here, so are scammers

The Internal Revenue Service has announced that the 2024 tax filing season has officially begun, with an expected 146 million individual tax returns to be filed. While it is costly and complex for the IRS to process so many digital and paper documents, it can also be a headache for many Americans.

Unsurprisingly, this is also the time of year where we see an increase in tax-related scams. From unsolicited phone calls claiming you owe money to the IRS to bogus tech support with your accounting software, fraudsters are just one step away from robbing you.

In this blog post, we will focus on the dangers of looking for assistance online and the numerous malicious ads trying to reel you in.

Calling the IRS

People will often go on Google to search for a phone or contact number for a business they are trying to get in touch with. Scammers are very well aware of this and will purchase ads to appear at the top of the search results.

Sometimes, somewhere in the fine prints such advertisers will say they are merely a third-party company providing services. But most people don’t read the fine print, and besides, the tactics used here are generally high deceiving.

A search for ‘IRS support’ returns the following ad claiming to be the “IRS Support Line”:

The website tied to this ad is shown with the corresponding advertiser (left), while a different website from a different advertiser is seen (right). Both have the same template. Which one is the real one? Are any of these identities even real?

A testimonial mentioning the aforementioned website seen in the ad claims that it existed back in 2016 while whois records show the domain name was only created in 2023. To add insult to injury, the same testimonial was also used to promote a different domain. Did the same person prepare their taxes on two different sites in 2016, when neither of them actually existed yet?

Tax software

There are a number of programs to help you file your taxes. As intuitive as they can be, it is quite common for people to have a problem with the software itself or a specific question related to taxes.

Scammers buy ads on search engines that often show before the product’s official website. Those ads are extremely misleading for the average user who’s looking for assistance.

One technique they use to bypass ad validation checks is using special or similar-looking characters in the particular brand they are impersonating.

Victims end up on the phone with someone in a large call center, typically located in a foreign country. While the pitch varies, a common scam consists of selling expensive support plans, such as in this example below which is for the first advert seen earlier:

AI-assisted taxes

AI has been all the rage in the past year or so. We are seeing a number of dubious services advertised online that claim to give quick answers after paying a small fee.

With AI comes a lot of potential for abuse and scammers are already leveraging this tool to automate a lot of interactions that seem human-like. It becomes less human when two different sites with a different expert assistant answer the exact same way.

We did not investigate these services fully, so we won’t be showing their full name. However, please beware that they are highly suspicious.

Avoiding scams

These days it has become increasingly difficult to navigate online without being exposed to a scam. People have become accustomed to trust their search engine and naturally follow the different paths laid in front of them.

While some websites look obviously fake to someone, they may fool someone else. At the same time, the tools to build convincing schemes are readily available to anyone for free.

  • Before calling a number, ensure that it is legitimate by visiting the official site directly.
  • Beware of unsolicited phone calls or emails, especially those that ask you to act immediately.
  • Beware of impersonators which may hide behind sponsored results and instead click on organic search results.
  • Always check the website you visit by looking at the address bar. If in doubt, close the page and open a new one.
  • If a website asks you for a small fee upfront it likely is trying to get your credit card to sell you more expensive services.
  • Use security software that blocks phishing domains and other scam sites. Malwarebytes Premium does this, leaving your computer and financial assets protected.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


Jérôme Segura

Principal Threat Researcher