The White House’s 2021 American Rescue Plan may also lay out plans for fraudsters’ 2022 online payment scams. The new law doesn’t introduce new taxes, but rather institutes new reporting requirements. The IRS requires reporting on Form 1099-K of any business revenue over $600 paid using any of the payment apps.
If you are a gig worker or small business owner and a user of PayPal, Zelle, Venmo, Google Pay, Apple Pay, Samsung Pay, Xoom, Square, Stripe, Circle Pay, Facebook Messenger, or other payment apps, this new reporting requirement will directly affect you in ways you might not like.
If they haven’t done so already, the payment apps will request your tax filing information, either your Social Security number or employer identification number. Don’t be fooled by the obvious onslaught of impersonations we will all be seeing soon. Be wary of fake, rogue mobile apps impersonating payment apps you use and trust. You might be asked by payment apps you don’t even use. And you may be asked many times. Don’t get annoyed; get suspicious, fast.
Fraudsters may take advantage of the new Form 1099-K reporting threshold from a couple of angles online. They may create fake websites impersonating the IRS.
Consider the 2021 garden-variety impersonation of the IRS seen in the image below. It certainly looks real, but it is a fake, a fraud intended to convince you that you are browsing the official IRS government site. Clicking OK will send you along to a fake page asking you to enter your Social Security number. This is one of many IRS impersonations we commonly see at Allure Security, and we expect to see many more.
Fraudsters may also create fake websites impersonating various payment services companies. Under the guise of needing to collect or update victims’ tax information, these fake websites will likely attempt to steal payment app credentials, as well as other payment and banking information.
The images below show how convincing these online payment scams can be. Allure Security’s brand impersonation detection engine discovered this fake website imitating the Venmo brand just last month. The URL for this site bears no resemblance to the official Venmo website, and so traditional domain monitoring would not have identified this scam. Only via AI-powered analysis of the images and text on the page can a scam such as this be found.
If you visit the official Venmo website, you will see that the fake log-in page below is nearly indistinguishable.
When you click the “Sign In” button on the scam site, you’re taken to the screen below. You’ll see that the scammers don’t stop at stealing your Venmo credentials; they’ll happily accept your payment card details as well.
And in the interest of being thorough, as the following image demonstrates, the scammers also request your banking credentials and PIN.
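The gap described above between name-based domain monitoring and inspecting what a page actually shows and asks for, as an added example (not Allure Security’s detection engine and not code from the original post). It substitutes simple keyword and form-field heuristics for the AI-powered image and text analysis the post mentions; the hostname, markup, field-name hints, and similarity threshold are all constructed assumptions.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICIAL = {"venmo": "venmo.com"}  # brand -> official domain
SENSITIVE = ("password", "ssn", "card", "cvv", "pin")  # assumed input-name hints

class PageScan(HTMLParser):
    """Collect visible text and the type/name of every form input."""
    def __init__(self):
        super().__init__()
        self.text, self.inputs = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.inputs.append(f"{a.get('type') or ''} {a.get('name') or ''}".lower())
    def handle_data(self, data):
        self.text.append(data.lower())

def domain_similarity(host, official):
    """What a name-based domain monitor compares: hostname strings only."""
    return difflib.SequenceMatcher(None, host, official).ratio()

def on_official(host, official):
    return host == official or host.endswith("." + official)

def assess(url, html, brand, name_threshold=0.7):
    host = (urlparse(url).hostname or "").lower()
    official = OFFICIAL[brand]
    off_brand = not on_official(host, official)
    scan = PageScan()
    scan.feed(html)
    # Which sensitive values does the page's form ask the visitor to enter?
    asked = sorted({s for s in SENSITIVE for i in scan.inputs if s in i})
    mentions_brand = brand in " ".join(scan.text)
    return {
        "domain_monitor_hit": off_brand
            and domain_similarity(host, official) >= name_threshold,
        "content_hit": off_brand and mentions_brand and bool(asked),
        "fields_requested": asked,
    }

# Constructed sample: hostname and markup are invented for this example.
SAMPLE_URL = "https://account-verify.example.net/login"
SAMPLE_HTML = """<html><head><title>Sign in to Venmo</title></head><body>
<h1>Venmo</h1><p>Update your tax information to keep using Venmo.</p>
<form><input type="text" name="email"><input type="password" name="password">
<input type="text" name="card_number"><input type="text" name="bank_pin"></form>
</body></html>"""
```

Calling `assess(SAMPLE_URL, SAMPLE_HTML, "venmo")` reports no domain-monitor hit but a content hit, because the hostname shares almost nothing with `venmo.com` while the page names the brand and collects a password, card number, and PIN.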
Just knowing that fraudsters might target you with such a scam is a good first step to remaining vigilant.
In addition to staying wary, keep the following tips in mind as well this year:
For more tips on staying safe, visit the IRS’s Tax Scams and Consumer Alerts web page or search “fraud” within a particular payment service’s help center.
Posted by Salvatore Stolfo