Tax forms are filled with personal and corporate information that hackers and thieves are eager to get their hands on.
Every year, the IRS issues a list of common tax scams that it calls the “Dirty Dozen”. At the top of that list, not surprisingly, is phishing.
This week the IRS is warning about a renewed phishing email scam that targets HR/payroll executives at companies and asks for a list of all employees and their W-2 forms. Other phishing attempts include emails asking tax professionals to update their accounts via a fake website, or individuals receiving an email with a link to view information about their refund.
Even security-conscious people can be victims of phishing attacks. Just look at the numbers: phishing attacks are up 65% from 2015 and 30% of phishing emails get opened. A little education on how to distinguish legitimate email communications from fake, malicious ones can help, particularly at this time of year when tax-related incidents are on the rise.
Tips for protecting yourself or your business from phishing attacks include watching for misspellings and .exe file attachments. One of the top giveaways of a phishing email is a fake source. Look at who sent the email, and at the actual email address and domain as well. Chances are that if it is fake, there is a misspelling, a nonsensical string of letters and numbers, or a display name that doesn’t match the mail-to address.
I’ve included a quick list of tips for spotting phishing emails from unknown senders below. Would you be interested in speaking with GlobalSign to discuss further how to avoid becoming a victim of such an attack? Please let me know and I’d be happy to coordinate.
- Vague subject line – no reference to the order number, product etc.
- Grammar – repeated use of “please” in the body of the email, sentence is awkwardly worded.
- Lack of personalization – the greeting only says “Hi”, which is somewhat strange for such a specific email (i.e. not a mass send).
- Lack of details – very simply stated, no product or service details are given, no reference to a mutual contact.
- File name – the name of the invoice isn’t specific to a project or company, no details given at all.
- Email signature mismatch – the details of the email signature don’t match the sender details (e.g. name, email address).
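
As an added illustration (not GlobalSign's or the IRS's own tooling), several of the checks above can be automated as a first-pass filter: display name versus sender address, a random-looking address, a .exe attachment, a bare "Hi" greeting and a signature that doesn't match the sender. The sample message, the flag names and the thresholds are constructed for this example, and each check is a heuristic that can misfire on legitimate mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
From: "Pat Morgan, CEO" <pm8841x@examp1e-payroll.test>
Subject: Request
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi,
Please send the W-2 list. Please see invoice attached.

Chris Lee
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"

placeholder
--b1--
"""

def phishing_flags(raw):
    """Return heuristic warning flags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    flags = []
    # Words of the display name that should reappear in a matching address.
    words = [w for w in re.findall(r"[a-z]+", display.lower()) if len(w) >= 3]
    if words and not any(w in addr.lower() for w in words):
        flags.append("display-name-mismatch")
    if re.search(r"\d{3,}", addr.split("@")[0]):  # long digit run in local part
        flags.append("random-looking-address")
    body = ""
    for part in msg.walk():
        fname = part.get_filename() or ""
        if fname.lower().endswith(".exe"):
            flags.append("exe-attachment")
        elif part.get_content_type() == "text/plain" and not fname:
            body += part.get_payload()
    lines = [l.strip() for l in body.splitlines() if l.strip()]
    if lines and re.fullmatch(r"(hi|hello)[,!.]?", lines[0].lower()):
        flags.append("generic-greeting")
    # Assumption: the last non-empty body line is the signature name.
    if lines and words and not any(w in lines[-1].lower() for w in words):
        flags.append("signature-mismatch")
    return flags
```

Calling `phishing_flags(SAMPLE)` raises all five flags; a message whose sender address, greeting and signature line up returns an empty list.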