Keeping Your Data Safe During the Tax Season
Now that tax season is upon us, and the tax deadline is approaching (April 15th for the US and April 30th for Canada), hackers are dusting off their tax scams to trick consumers. Social engineering tools, like phishing, are becoming more and more sophisticated – especially with the ever-changing technology.
These fraudulent emails (and phone calls too) appear legitimate and take advantage of those who are often too busy or are simply unprepared to identify a scam.
The IRS is reminding people to remember that “the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action.”
If you receive an email with a sense of urgency requesting something must be done “NOW”, requesting a money transfer, poor grammar or misspelled words, or an illegitimate domain, they more than likely will be a phishing email. With tax season here, tax-related themed emails may become a hot commodity your email inbox.
Phishing Email Example: NetWire Malware Distribution
This example centers on malware delivery and was identified by the Proofpoint researchers observed a campaign with thousands of messaged with a Microsoft Word document attached that contained macros. When executed, NetWire malware would be installed (tip: don’t open unexpected attachments!).
Another NetWire capmaign that was executed was from the Indian government demanding payment for outstanding taxes. In this case, victims follow a link with a URL shortener to download NetWire.
Photo credit: Proofpoint
Another example of a phishing scam to watch out for during Tax Season is a Robocall. The hacker will call you claiming to be an IRS official and demand payment and or mentioning that you have not filed taxes yet.
The IRS will NOT:
Call you to demand immediate payment. The IRS will not call you if you owe taxes without first sending you a bill in the mail.
Demand that you pay taxes and not allow you to question or appeal the amount you owe.
Require that you pay your taxes a certain way. For instance, require that you pay with a prepaid debit card.
Ask for your credit or debit card numbers over the phone.
Threaten to bring in police or other agencies to arrest you for not paying.
How can we avoid falling victim to one of these savvy phishing scams? Here are a few IT security tips to remember:
Check the sender of the email as well as the "to" and "cc" fields.
Improper spellings and grammar are a big giveaway!
An overwhelming sense of urgency requesting personal information or payments
Be wary of links and attachments - only click on those you are expecting! (Tip: Hover over the link to see where the URL will take you to be sure!)
Suspicious emails from trusted sources can happen. If your friend/colleague sends a strange message, their account may have been attacked.
This article was previously written in 2019 and has since been updated.