Tax season is in full swing, but time is running out if you haven’t submitted them yet. It’s not just regular taxpayers who feel the deadline inching closer. Scammers are also looking to make a quick buck.
Cybercriminals are again impersonating agents from the Internal Revenue Service (IRS), employing all the tricks in their malicious arsenal. In addition, scammers are sending out emails that could infect your device with malware.
Read on to learn how to spot these fake emails and what to do if you receive one.
Here’s the backstory
There are many ways for cybercriminals to steal your details or fool you into handing over information. But one of the most effective methods is through phishing emails.
The latest trend in phishing is by spoofing actual companies or government agencies. If you fall for the scheme, you’ll end up on a fraudulent website designed to infect your device with malware or steal your credentials and/or money.
Security researchers at Cofense noted an alarming increase in the use of the well-known Emotet malware but made some changes to how it operates. Previously, criminals used the W-9 tax document as a delivery method, but the preferred method is impersonating IRS agents this year.
Cofense explains that the phishing emails use the IRS logo, explicitly mentioning where you work and attaching a password-protected file. Ignoring all the possible warnings from Microsoft, Emotet malware gets installed on your device if the file is opened and macros enabled.
How to avoid these phishing scams
The most important thing to remember is that the IRS doesn’t initiate contact with taxpayers by email, text messages or social media to request personal or financial information.
Instead, as noted by the agency, the first contact is generally through a mailed letter delivered by the U.S. Postal Service. If the IRS needs to visit you, it will also send you a letter in advance. Here are ways to avoid falling victim to phishing scams.
- Be cautious – Don’t click on links and attachments that you receive in unsolicited emails.
- Stay calm – If the message gives you a sense of urgency, delete it.
- Signs to watch for – Spelling and grammar errors are big red flags.
- Added security – Use two-factor authentication when available and password managers for better security.
- Stay updated – Keep your operating systems, apps and devices updated with the latest official software and patches.
- Have a trusted antivirus program on all your devices – We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
Another spoofing scam to watch for
Scammers also have recently started to impersonate FTC Commissioner Rebecca Kelly Slaughter. A statement from the agency warns that fraudulent emails claim that you won a prize or that there is some outstanding COVID-19 issue.
Here are suggestions from the FTC to avoid falling victim:
- The FTC won’t email, call, text, or message you to ask for money or information. Not your bank account, credit card, or Social Security number. Not your birthdate. And never, ever money.
- The FTC doesn’t give awards or funds related to COVID-19. Anybody who says the FTC has a prize or award for you, or has a benefit related to COVID-19 — that’s a scammer.
- Only scammers will demand payment by gift card, cryptocurrency, or money transfer. Period. Scammers love getting you to pay in those ways because it’s easy for them to disappear with your money — and hard for you to get it back.
If you get an email from anyone asking for personal information or money, report it to the FTC at ReportFraud.ftc.gov.
This dangerous malware can steal 2FA codes to break into your accounts
Watch out for this malware that can hijack your email threads