Beware of Fake IRS Emails this Tax Season

Read

Tax season is here, and it’s bringing an unwelcomed plate to the party:  Phish.  Once again fraudsters are seizing the opportunity to deceive and manipulate their targets by sending e-mails that are designed to appear as though they come from the IRS.

CaptureThe phishing e-mails typically contain ambiguous subject lines and solicit recipients to click on a link to provide information.  See the image for a recent example.

Clicking the link could lead you to a fake IRS website that requests information. Other versions of the attack come with an attachment that contains embedded malware, such as ransom ware. Regardless of the method of attack, improper handling of such emails can have devastating impacts on individuals and organizations.

What makes this threat especially dangerous is that it purports to come from the IRS at a time when many taxpayers and practitioners have the agency already on their minds. In fact, pretending to be an authority is a frequent method of deception used in social engineering attacks because authorities are familiar, imposing, and potentially associated with trustworthiness.

This scam is not new by any means.  Last year the IRS issued a warning about a similar phishing threat. Furthermore, the IRS has created an informational webpage with instructions about what to do if you believe you are receiving fraudulent contact from someone pretending to be from the IRS through various means, including phone calls, letters, faxes, and text messages.

Keep in mind that the IRS will never initiate contact via email. If you receive an unsolicited or unexpected email claiming to be from the IRS, you should delete it without clicking on links or opening any attachments and you should report it. Forwarding these emails is also ill-advised because doing so exposes others to risk.

You can report tax scams online or by calling 800-366-4484.

Individuals and businesses need to educate themselves about social engineering attacks so they can effectively defend against them.  Because these attacks manipulate social behavior, they can threaten anyone, regardless of an individual’s experience level with technology.

To learn more about how you can defend against phishing emails and other social engineering attacks, contact the Risk Advisory Services team at Kaufman Rossin.

Leave a Reply

Your email address will not be published. Required fields are marked *

We respect your personal information. Please review our Privacy Policy for more details.