As April 17th (US) and April 30th (Canada) near, cyber scammers are pulling out all their tax scams to trick consumers and capitalize on the flurry of activity. Our friends over at Proofpoint say that this time of year, [they have] tracked malware distribution in addition to the customary phishing schemes among the email threats related to federal taxes.
The IRS is also urging people to remember that “the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action.”
So to help our clients stay vigilant, we’re highlighting some recent phishing tricks and sharing phishing flags every employee should recognize.
IRS Phishing and Malware Scam Examples
Example 1: Malware Distribution
Example 2: IRS Phishing Email + Webpage
The next IRS phishing scam example also comes from Proofpoint’s analysts. (Side note, here at Eze Castle we use Proofpoint internally and provide it to our clients.)
Proofpoint says that “tax-themed phishing remained the most popular attack this season. These phishing schemes continue to employ a variety of templates and attack styles and, for the first time, adopted some of the more sophisticated approaches [Proofpoint has] previously observed in Gmail and PayPal phishing schemes.”
The following image highlights an email claiming to be from the IRS (note that the sender's domain is not a valid US government top-level domain, i.e. .gov).
Proofpoint also states that “the attached document ‘IRS-gov Copyright.html’ is a phishing page that sends the personal information collected in the form back to the attacker. The use of HTML attachments rather than links is not a novel approach, but in this case the stolen branding and template used accurately mirror real pages from irs.gov. The email lure, despite some grammatical errors, also effectively uses the stolen IRS branding and imparts a sufficient sense of urgency to encourage users to submit the form.”
Red Flags to Help Avoid Tax Season Phishing & Malware Scams
Phishing attempts can occur via email, phone, instant message, SMS or social media. Here’s what to look out for:
Check the sender email address as well as “to” and “cc” fields
Is it personalized? Be wary of generic greetings
Improper spelling and grammar can be giveaways as well
An overwhelming sense of urgency requesting personal information
Links! Only click on those that you are expecting (same goes for attachments)
Suspicious emails from trusted sources can happen. If your friend/colleague sends a strange message, their account may have been attacked.
Be aware that landing on the wrong website can expose a firm to risks, so be on the lookout for these signs that could signal it is a malicious site:
Check for the presence of an address, phone number and/or email contact
Check the web address for misspellings, extra words, characters or numbers that seem off or suspicious
Roll your mouse pointer over a link to reveal its true destination, displayed in the bottom left corner of your browser
If there is NO padlock in the browser window or ‘https://’ at the beginning of the web address to signify that it is using a secure link, do not enter personal information on the site
Be wary of websites that request lots of personal information
Avoid ‘pharming’ by checking the address in your browser's address bar after you arrive at a website to make sure it matches the address you typed
Be wary of websites that are advertised in unsolicited emails from strangers
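As an added example (not part of the original post or of Proofpoint's research), the following Python script applies several of the red flags above to a constructed IRS-themed message: a sender domain that is not .gov, urgent wording in the subject, a link whose visible text and real destination differ (the "hover over the link" check), and an HTML attachment like the one Proofpoint describes. The sender domain, URLs and attachment name are placeholders.

```python
import email
import re
from email import policy
from urllib.parse import urlparse
# Constructed sample (placeholders throughout): an IRS-themed lure from a look-alike
# domain, a link whose visible text and real target differ, and an HTML attachment.
SAMPLE_EML = """\
From: IRS Refund Desk <refunds@irs-gov-refund.example>
Subject: URGENT: Your refund is on hold - verify within 24 hours
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Dear Taxpayer,</p><p>Verify immediately at
<a href="http://irs-gov-refund.example/verify">https://www.irs.gov/refunds</a>.</p>
--b1
Content-Type: text/html; name="IRS-gov Copyright.html"
Content-Disposition: attachment; filename="IRS-gov Copyright.html"

<html><form action="http://irs-gov-refund.example/collect"></form></html>
--b1--
"""

IRS = re.compile(r"\bIRS\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|on hold)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def triage(raw):
    # Returns the list of red flags found in one message; an empty list means none fired.
    msg = email.message_from_string(raw, policy=policy.default)
    flags, subject = [], msg["Subject"] or ""
    sender = msg["From"].addresses[0]
    # Claims to be the IRS, but the sender's domain is not a .gov domain.
    if IRS.search(sender.display_name + subject) and not sender.domain.lower().endswith(".gov"):
        flags.append(f"sender domain {sender.domain} is not a .gov domain")
    if URGENCY.search(subject):
        flags.append("urgent language in subject")
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            # An HTML attachment can itself be the credential-harvesting form.
            if (part.get_filename() or "").lower().endswith((".html", ".htm")):
                flags.append(f"HTML attachment {part.get_filename()!r}")
        elif part.get_content_type() == "text/html":
            # The "hover over the link" check: the visible URL's host vs the real href host.
            for href, text in ANCHOR.findall(part.get_content()):
                shown, real = urlparse(text.strip()).hostname, urlparse(href).hostname
                if shown and real and shown != real:
                    flags.append(f"link shows {shown} but points to {real}")
    return flags
```

Run `triage(SAMPLE_EML)` to list the four flags the constructed message trips; a benign message from a .gov sender with plain links returns an empty list.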
Simulated phishing attacks, such as those provided with our Eze Managed Phishing and Training Service, expose employees to safe "real-world" phishing attacks and actively change an employee's cyber behavior.
Source: Proofpoint's article, "Another Tax Season Brings More Phishing Lures and a Variety of Malware"