Research from Proofpoint shows an increase in malicious domains and campaigns impersonating tax agencies and financial institutions, correlating with a recurring increase in tax-related activity from December through April. The research observed phishing scams in both the United Kingdom and the United States. 

In the U.K., multiple tax phishing campaigns mimicked emails from HM Revenue & Customs (HMRC) and contained URLs that would lead a target to credential-harvesting, actor-controlled websites.

In the U.S., malicious domains were observed impersonating legitimate financial services, applications, and organizations that are associated with accounting, payments, and tax filing. 

Selena Larson, Senior Threat Intelligence Analyst at Proofpoint, comments, “Tax-themed content is always a popular lure around tax seasons globally, and Proofpoint typically sees an increase in this content at the beginning of the year, which aligns with U.K. and U.S. tax seasons. It can be an effective lure because it pairs urgency around deadlines often combined with the threat of additional fees, disruption to business, or impacts to payments. People also may feel more compelled to reply or engage with content when it appears to come from a position of authority such as a government agency. 

“It’s important for people to be extra mindful when they see an email in their inbox that looks like it’s related to taxes, because criminals are really good at crafting convincing lures. Because many of us conduct business over email, we may be expecting to see such content and assume it’s legitimate. Additionally, threat actors often pair emails with phone calls or text messages, leveraging multiple channels to launch their attacks.

“Be mindful about common techniques threat actors use like impersonated domains and identities, language that seems to be pushy and urgent, directing people to websites that are not officially owned by the impersonated entities, and asking people to submit payments to third-party apps or websites. By understanding these tactics and maintaining vigilance, individuals can significantly reduce the likelihood of falling victim to phishing attacks and effectively safeguard their money and sensitive information.”