- The scammers are using AI to impersonate IRS and scam taxpayers
- AI is also helping attackers to climb quickly through multiple vectors
- Microsoft shares some simple tips to protect yourself
The scammers are increasingly using artificial intelligence to feed malicious activities, and many opt for voice scams generated by AI and deep defags to supplant tax preparators, accountants or IRS officials.
With US citizens who participate in Tax Day, the increase in voice phishing attacks (Vishing) means that we are seeing cybercriminals that exploit personal details stolen from convincingly false identities and taxpayers’ scams to share delicate financial documents and details.
While consumers have been familiar with email phishing signs, this new attack vector is taking more unsuspecting victims.
Vishing scams are directed to taxpayers
With US citizens who participate in Tax Day on April 15, a new Microsoft threat intelligence report hopes to educate users about how they can better protect their data.
Some easy solutions include the implementation of multifactor authentication in online accounts and verify the authenticity of the URLs: Url see again, users can avoid possible scams, such as the use of a superior ‘I’, which is often used instead of a low box ‘L’ in attacks.
In addition, citizens must familiarize themselves with verified communication methods, for example, the IRS does not start contact by email, text messages or social networks to obtain personal or financial information, so a message like this should immediately sound the alarm bells.
The generative AI has allowed scammers to climb their attacks and create highly credible phishing communications, including realistic emails, voice calls and videos. It can be used at all levels of the attack, from deciding what to say or write to elaborate content in the form of emails, websites and even voice imperses.
Scammers can even manipulate search classifications to direct victims to fake sites that promise tax reimbursements, increasing their sense of authenticity.
Other common attacks may include malicious PDF attachments, the use of QR codes and legitimate services such as Dropbox and Docusign false destination pages. Engineering, IT and Consulting Workers are among the most likely to be attacked.
