Information Security Tips

US Tax Season Phishing Scams and Malware Campaigns

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season.  Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include, but are not limited to, the following:

• information that refers to a tax refund
• warnings about unreported or under-reported income
• offers to assist in filing for a refund
• details about fake e-file websites

These messages which may appear to be from the IRS, may ask users to submit personal information via email or may instruct the user to follow a link to a website that requests personal information or contains malicious code.

US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing scams and malware campaigns:

• Do not follow unsolicited web links in email messages.
• Maintain up-to-date antivirus software.
• Refer to the IRS website related to phishing, email, and bogus website scams for scam samples and reporting information.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
• Review the Wall Street Journal blog post "Cybercrooks Digging for Tax Data" for additional suggestions for protecting against these types of attacks.