During the tax season, there is typically an increase in the number of phishing emails related to financial matters. To obtain sensitive information, cybercriminals use fake emails or text messages indicating a problem with a bank account, credit card, or even a payroll question that must be answered immediately. Other tactics include attempting to obtain login credentials by telling recipients their password is about to expire. Attackers issue phishing emails to millions, hoping that a handful of recipients act on their ill-intended requests.
Some common financial phishing emails include:
- Emails with a link to a fake W-2.
- Emails with a link to a “financial account” asking users to log in or verify their information in order to avoid some consequence.
- Emails asking users to update their financial information in order to access documents.
- Emails asking users to make a credit card payment for overdue taxes.
- Emails with an invoice requesting immediate payment.
Tax Season Phishing Emails- IRS
The Internal Revenue Service typically sees an increase in ongoing IRS-impersonation scams during the months leading up to tax day, that appear to primarily target educational institutions and users with .edu email addresses. The fake emails typically include the IRS logo and use various subject lines such as “Tax Refund Payment” or “Recalculation of your tax refund payment.” They ask people to click a link and submit a form to claim their refund. It also requests personal information, including Social Security numbers and date of birth. People who receive this type of scam email should not click on the link in the email, but they can report it to the IRS. For more information please visit this article from the IRS.
Tax Season Phishing Emails- ADP
ADP is often a target for fraudulent schemes that attempt to steal users’ information. During tax season there is typically an increase in phishing emails in order to perpetuate W-2 fraud. Users may receive phishing emails that claim their W-2 tax form is ready or that they need to update their information in ADP in order to access their documents. The phishing emails typically contain clickable links that lead to a fraudulent, spoofed site that resembles legitimate ADP login screens.
In its simplest form, W-2 fraud occurs when a cybercriminal steals a user’s W-2 and other sensitive information. The criminal then processes the tax return and obtains the user’s tax refund unlawfully. When the user goes to file their taxes, they are alerted that the return has already been filed. Additionally, the fraudster may use the user’s credentials and other personal information to perpetuate other forms of identity theft. If an email seems suspicious, do not click on any of the links or open any attachments in the email.
Cybercriminals Targeting Payroll
Cybercriminals will try to commit payroll fraud and steal funds by sending fake phishing emails requesting a change to bank account information. The emails are sent with a request for a change of banking details and appear to use an email similar to an employee’s email account. Once the change is made, the employee’s payroll is diverted to a fraudulent account.
Common email subject lines for this scam include:
- “Urgent Payroll Request”
- “Urgent Request!!”
- “Re: (Employee name)”
How do I protect myself against phishing?
Be cautious of requests for bank account changes that originate via email, especially if the email has a vague or urgent subject line. You can take several proactive measures to protect yourself against phishing. Be suspicious of messages that:
- Seem urgent and require your immediate response
- Request personal information such as user ID, password, PIN, email address, or Social Security number even if it appears to be coming from a legitimate source
- Are addressed generically, such as “Dear Customer”
If an email seems suspicious, do not click on any of the links or open any attachments in the email. If you do, your computer can become infected with malware. Even if it sounds legitimate, do not call the number given in the message or respond to the message, instead forward the email to email@example.com for verification.