Keep Phishing Scams At Bay This Tax Season

Tax Season

With financial year closing around the corner, fraudsters are looking forward to cash in tax refunds. They can do anything to get their hands on your data. Therefore, you need to be extra cautious to be safe.

According to a report submitted by IRS rise of 500% is seen in phishing and malware incidents, during tax season. Attackers send business email to make this attack a success and they call it business email compromise (BEC), or business email spoofing (BES). No sector is safe from these attacks all are under attacker’s radar.

Today, in this article we will make you aware about how they work and how we can avoid being a victim to such attacks.

What is a Phishing Scam?

Phishing scam as we have already discussed and know is a type of scam followed by cybercriminals to fool people via fake email messages or websites. Cyber attackers contact the employees via common communication methods and make them believe that whatever they are hearing or reading is genuine. Thus, making them download infected software on their machines. Often attackers send emails with malicious links and attachments to infect the machine.

But, with technological advancements they have become smarter now they use social engineering techniques too as it is easy to fool the user using these methods. Attacker collects personal information of a person through social media and then uses various methods to convince that the mail they have received is genuine.

What is a W-2 Phishing Scam?

W-2 phishing is the advanced version of phishing scam. The only difference here is, that the target is either the middle management or someone from the finance & HR department.

Cybercriminals frame mails in a manner that they look genuine. Usually a W-2 form is sent to the HR or finance department and they are asked to fill in employee’s personal information for inspection. Once the receiver downloads the form an infectious code is downloaded on the machine to spread infection and steal data.

Now, the question is how scammers get the email address? Usually, they get it from the stolen data. What they do is they make minor changes to them so that the attacker receives the reply rather than the actual person.

These documents contain tax and salary information plus Social Security number, home address and location of the employee. Once these documents are received by the fraudsters they sell all these details on dark web to make money.

Also Read : Declutter Your Phone For Its Long-Life

How to Prevent W-2 Scams

  • Keep your employees educated and informed about such scams.
  • Avoid clicking on unknown links and attachments.
  • Don’t reply to the mails that ask for confidential information until you know who the sender is. Also, if they look suspicious or anything is asked out of normal procedure don’t reply.
  • Talk to the concerned person face to face before replying to mails asking for employee’s details.
  • Don’t use or rely on the contact information provided in the email to contact the concerned person. Look for their contact details under official records.
  • Avoid entering any personal information in a pop-up web page or anywhere else you aren’t aware of.
  • Run an updated software to provide security.
  • Report to the IT team when you receive a security warning or a malicious file is detected.

There are chances that if you follow the guidelines you can avoid being a victim. But attackers will try their best to infringe your privacy therefore, be attentive to what you reply and whom you trust.

These easy guidelines will protect you from threats but you must play your part. With time cybercriminals are becoming smart and more sophisticated. Therefore, you need to always be one step ahead of them.

Staying attentive, educated and aware of these scamming methods is a good first line of defense.

Also Read : How Safe Is Your Android Phone For A Digital Transaction?

Reporting of a phishing email

Looking at the increasing number of scams IRS has taken proactive measures. If you think you have received a phishing email visit here and report the incident.

If you follow these tips and keep everything inline, you can stay safe for long time. However, there is no fool proof plan but still these guidelines will help you identify such scams. You just need to be attentive and act smart when any such thing happens, that is out of normal procedure or something that seems suspicious. Hope you liked our article please share your feedback with us.