BLOG

Articles about website spoofing, cybersecurity trends, and how to protect your customers from hackers.

Online Payment Scams to Multiply with New IRS Rules for 2022

31 - March 2022

The White House’s 2021 American Rescue Plan may also lay out plans for fraudsters’ 2022 online payment scams. The new law doesn’t introduce new taxes, but rather institutes new reporting requirements. The IRS requires the reporting on form 1099-K of any business revenue over $600 paid using any of the payment apps.

If you are a gig worker or small business owner and a user of PayPal, Zelle, Venmo, Google Pay, Apple Pay, Samsung Pay, Xoom, Square, Stripe, Circle Pay, Facebook Messenger, or other payment apps; this new reporting requirement will directly affect you in ways you might not like.

Digital Payments Services Will Require Tax Information for 2022

If they haven’t done so already, the payment apps will request your tax filing information, either your Social Security number or employer identification number. Don’t be fooled by the obvious onslaught of impersonations we will all be seeing soon. Be wary of fake, rogue mobile apps impersonating payments app you use and trust. You might be asked by payment apps you don’t even use. And you may be asked many times. Don’t get annoyed, get suspicious, fast.

Scammers Will Launch Online Payment Scams Exploiting New IRS Rules

Fraudsters may take advantage of the new Form 1099-K reporting threshold from a couple of angles online. They may create fake websites impersonating the IRS.

Fake IRS Websites

Consider the 2021 garden variety impersonation of the IRS seen in the image below. It certainly looks real, but it is a fake, and a fraud intended to convince you that you are browsing at the official IRS government site. Clicking OK will send you along to a fake page asking you to enter your Social Security number. This is one of many IRS impersonations we commonly see at Allure Security, and we expect to see many more.

Online payment scam using fake IRS website
Fake IRS website page discovered by Allure Security

Fake Websites Impersonating Digital Payments Services

Fraudsters may also create fake websites impersonating various payment services companies. Under the guise of needing to collect or update victims’ tax information, these fake websites will likely attempt to steal payment app credentials, as well as, other payment and banking information.

The images below show how convincing these online payments scams can be. Allure Security’s brand impersonation detection engine discovered this fake website imitating the Venmo brand just last month. The URL for this site bears no resemblance to the official Venmo website and so traditional domain monitoring would not have identified this scam. Only via AI-powered analysis of the images and text on the page can a scam such as this be found.

If you visit the official Venmo website, you will see that the fake log-in page below is nearly indistinguishable.

Online payment scam using fake Venmo website 1
Fake Venmo website log-In page from online payment scam discovered by Allure Security

When you click the “Sign In” button on the scam site, you’re taken to the screen below. You’ll see that the scammers don’t stop at stealing your Venmo credentials, they’ll happily accept your payment card details as well.

Online payment scams using fake Venmo website 2
Fake Venmo website payment card billing information page from online payment scam discovered by Allure Security

And in the interest of being thorough, as the following image demonstrates, the scammers also request your banking credentials and PIN.

Online payment scam using fake Venmo website 3
Fake Venmo website bank account billing information page discovered by Allure Security

Tips for Protecting Yourself Against Tax-Related Online Payment Scams

Just knowing that fraudsters might target you with such a scam is a good first step to remaining vigilant.

In addition to staying wary, keep the following tips in mind as well this year:

  1. Take it upon yourself to update your tax information within a payment app before a request is made of you and don’t enter your credentials anywhere outside of the official website or mobile app
  2. The IRS does not contact taxpayers via e-mail to request personal information, such requests are typically initiated via postal mail
  3. The IRS will not threaten to have a taxpayer arrested or ask for immediate payment via gift cards, payment apps, or wire transfers – for the most part the IRS will send a bill via postal mail and only request payments payable to the U.S. Treasury
  4. Avoid sharing any payment account details (payments apps or otherwise) on social media whether publicly or privately

For more tips on staying safe, visit the IRS’s Tax Scams and Consumer Alerts web page or search “fraud” within a particular payment service’s help center.

Posted by Salvatore Stolfo

CONTACT US

Phone Number - (877) 669-8883