With the filing deadline for tax extensions looming, it is a good time to review some of the most devious and dangerous techniques cyber criminals use to cheat their victims by creating fraudulent tax returns. The Internal Revenue Service (IRS) has published a list of six tips to combat some of the latest frauds, including the “red flags” that may help you identify the scam.

1. Spear phishing.Nine out of 10 cyberattacks and data leaks begin with spear phishing email. Spear-phishing crooks pose as familiar entities, and have usually done extensive research to target a specific audience – tax pros are favorites – to gain passwords or install malware.

Red flags: The supposedly familiar source of the email; conversational but ungrammatical and oddly constructed language; calls to action urging opening of a link (often a “tiny” URL to mask the true destination).

2. Hostile takeovers.In these mushrooming schemes, a thief manages to steal or guess the username and password of a tax pro, resulting in the imaginable and horrific havoc. Again, these hardworking thieves do their homework to pose as a familiar organization, potential client, another tax pro, a bank or a cloud-based storage provider. Links or attachments may also load malware on computers to capture keystrokes.

Red flags: Urgent and threatening calls to action; pages that looks like the login pages for IRS e-Services or prep-software providers.

3. Day at the breach. In the first five months of this year, about 107,000 taxpayers reported being victims of ID theft – a total actually down from previous years – but the IRS also saw a jump in ID theft involving business-related tax returns, including 1120s and 1120Ss, 1041s and Schedule K-1 filings. The IRS will soon ask tax pros to gather more information on their business clients to help authenticate returns, including Social Security numbers, payment history and parent company information.

Red flag: Potential business clients claiming they don’t currently have an EIN.

4. Ransom devil.Ransomware attacks are on the rise worldwide, locking computer systems and holding sensitive data hostage until users pay crooks to release the data (though often scammers won’t provide the decryption key even after a ransom is paid). Users generally are unaware that malware has infected their systems until they receive the ransom request.

Red flag: Phishing emails.

5. BEC to the wall.A burgeoning W-2 scam – a.k.a., a business email compromise, or “BEC” – is one of the most dangerous phishing email schemes trending nationwide. A cybercriminal impersonates a company or organization executive’s email address to target a payroll, financial or HR employee with a request for a transfer or funds or a request a list of all employees and their W-2s. This allows crooks to file fraudulent returns that mirror the employees’ actual income, making the fraud harder to detect.

Red flags: Slight variations in familiar URLs (for example, legitimate abc_company.com email domain reads as “abc-company.com”); “reply” email address is different from the “from” email address.

6. Speak up.If you suffer a breach or theft data you should immediately contact the IRS and cops quickly: Crooks work like lightning to convert stolen data into phony returns.

Need more information on potential tax fraud schemes? Contact Gray, Gray & Gray’s Tax Department at (781) 407-0300.