Scam of The Week: Realistic Phishing Attacks Take Advantage of U.S. Tax Season


With Tax Day only a few days away, cybercriminals are trying to take advantage of tax season through widespread phishing campaigns that aim to trick people into providing sensitive information, or opening malicious attachments containing malware designed to steal financial information or cause other trouble.

In a new report ProofPoint researchers illustrate how campaigns are targeting the tax season with realistic phishing emails and malicious attachments. These emails are used to install malware on victim's computers or convince them to submit sensitive informatIon on servers that are under the attacker's control.

Tax refund identity theft is a growing epidemic. The hassle is enormous, because when you file your own return, the IRS sends you a notice stating that “More than one tax return for you was filed”. That's when the nightmare starts, because on average it takes the IRS a long, long time to resolve tax-related theft cases.

I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit: 

ALERT: Tax season scams are peaking.  So, when you get any email or even a phone call about your taxes, or questions about your W2 from literally anybody, whether you know them or not, pick up the phone and verify with your known, trusted tax preparer that they actually sent you that email. If you send tax information via email, triple-check that the email address you are sending this to is correct and type it in yourself in the "To" field.

NEVER click on "reply" and attach your tax information, because that reply email address might be spoofed. Want to be 100% safe? Hand-carry your tax info to your preparer and do the tax return in person with them.

Here is a link to the IRS site, with more tax scams you need to watch out for:

Here is a link what to do to get your money back if your tax refund already *has* been stolen:

Let's stay safe out there.

Warm regards,

Stu Sjouwerman,

Founder and CEO, KnowBe4, Inc.


Topics: Phishing

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews