It’s tax season — the time when many cyber criminals ramp up their efforts to trick people into clicking malicious links or providing their business or personal information. Scammers know many people are expecting to receive tax-related correspondence, such as messages from government tax agencies. Targeting individuals’ personal or business email accounts with tax-related phishing emails is a tactic that threat actors commonly use.
Tax season 2021: Malicious emails can target anyone.
The Internal Revenue Service (IRS) is advising consumers and businesses to be especially cautious right now about potential tax scams. The agency offers guidance on its website, about campaigns targeting consumers and businesses.
The IRS website warns that: “Thousands of people have lost millions of dollars and their personal information to tax scams. Scammers use the regular mail, telephone, or email to set up individuals, businesses, payroll and tax professionals. The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Recognize the telltale signs of a scam.”
The IRS also recommends that consumers and businesses visit this page on its website: “How to know it’s really the IRS calling or knocking on your door.”
Alert users that cyber criminals may try to trick them this tax season
Being alert to scammers is the key to protecting personal and private information, both at work and home. And now is a great time to remind your users of the routine practices that will help them avoid malicious deceptions. Ensure all your users understand the following:
- All emails and texts should be carefully inspected, especially those claiming to be from the IRS; as noted above, the IRS does not send emails or text messages.
- Do not provide personal information via email.
- Carefully inspect URLs before clicking on links in tax-related search results; scammers have been known to set up impersonation websites of legitimate tax preparation companies.
- Don’t take the call: The IRS will not call you. If someone calls claiming to be from the IRS, do not provide any information; promptly hang up.
Also, take the advice of security industry experts like Sherrod DeGrippo, Senior Director, Threat Research and Detection, at Proofpoint. She noted the following in her recent blog on tax scammers:
There are ways that you can better protect yourself this year, and every year.
First, treat all tax-themed attachments as potentially malicious email attachments. These days, many tax preparation and accounting companies don’t send information as attachments through regular email. They’re increasingly using secured email and document sharing portals. If you get an email with a tax-themed attachment, even one you may be expecting, verify with the sender before opening it.
Second, if you are a smaller tax preparation or accounting firm and you have a website, make the security of your website a top priority. Even if it’s just a website with your address and information, it’s still a bigger target for attackers than other websites, especially this time of year.
Look at hosting your website somewhere where the hosting company will handle the updates and security for you. Unless you have the time, resources, and expertise to do the security yourself, this is the best and easiest way to ensure your site is safe for your customers and visitors.
Tax scams: Note the incorrect web address for this fake advertisement.
Alert your users to tax-season scams! Use the Proofpoint Tax Season Awareness Kit
To help organizations raise privacy awareness of tax season scams and IRS phishing attacks, we’ve curated a selection of free resources to help your users spot and avoid tax-related attacks.
The Proofpoint Tax Season Awareness Kit provides written and visual content, including video, that can be emailed, displayed, posted or presented throughout tax season. In addition to providing a description of the materials and how to use them, we offer a suggested communication plan and schedule. You’ll also find guidance and tips for successfully executing a tax season awareness campaign with the materials provided.
Overview of the Proofpoint Tax Season Awareness Kit materials.
Overview of the Proofpoint Tax Season Awareness Kit materials.
Start now
We suggest rolling out this kit immediately. In this kit, we provide a two-week rollout of the Proofpoint Tax Season Awareness kit to help your users stay safe:
Week 1: Launch the program; provide the IRS web page link, information flyer and posters to users.
Week 2: Engage users with humorous videos to raise awareness of tax fraud and reinforce phishing awareness and how to handle confidential information.
We also encourage you to review your specific challenges and adjust this suggested rollout to meet your organization’s needs during tax season.
Check out our Security Awareness Training Content
Do you know that we have a full Content Library of Proofpoint Security Awareness Training (PSAT)? Our solutions can help you deliver the right training to the right people at the right time and accelerate behavior change. Download our content solution brief to learn more.