Tax season has arrived, and cyber criminals are hanging out the “Gone Phishing” signs.
“Phishing” scams prey on a broad group of victims with the intention of snagging just a few. Criminals pose as familiar, trusted individuals in order to obtain sensitive information that can be used to file fraudulent tax returns. When a specific group of victims is targeted – such as tax professionals – the scam is known as “spear phishing”.
A spear phishing attack begins with an innocent-looking email. The criminal usually baits the hook by using a familiar phrase in the subject line, such as “Tax Return” if the email is being sent to a tax preparer. The criminal will then attempt to establish credibility by referencing something familiar to the intended victim, such as “got your email address from the Chamber of Commerce” or another local professional organization. The email usually continues with a request for some type of sensitive information, such as a password, or may include a link or an attachment where the potential victim will supposedly find further information. If the link or attachment is opened, it frequently downloads malware that enables the criminal to steal sensitive information.
While the IRS offers assurances that they have a team in place to deal with this type of criminal activity, they warn that there is not a definitive solution to this problem. Both taxpayers and tax professionals must be on guard as well. Here are a few suggestions about how to protect against this scam:
If you receive an email from someone you don’t know, be on guard. If the email encourages you to disclose sensitive information – don’t! If the text of the email references someone you know, verify with that person the identity of the email sender.
Don’t Open Attachments
If the email contains an attachment, don’t open it until you’ve verified that the sender is legitimate. Sometimes criminals will include a link. Usually the link is in tiny URL format, which helps disguise the web address. Before clicking on the link, hover your cursor over the link to display the full web address. If you don’t recognize it, don’t click the link!
Maintain up-to-date security software on your computer to defend against phishing, viruses, and malware. Make sure your security software updates automatically.
Protect Your Passwords
Develop a complex password including a mix of letters, numbers and special characters. Or better yet, use a phrase instead of a single word. Do not use the same password or phrase for all your online accounts.
If you believe you have received a tax-related phishing email, forward it to the IRS at: firstname.lastname@example.org.