Each year there is a wave of Christmas phishing scams during the holiday season, as cybercriminals attempt to steal sensitive information to enable them to file fraudulent tax returns. This year is likely to be no different.
Last year saw a major increase in Christmas phishing scams, and the prospect of another barrage of phishing emails has prompted the IRS to issue a warning to consumers to be alert to new, sophisticated email scams during the holiday season. The IRS warns that falling for such a scam could endanger both personal information and next year’s tax return.
As the IRS points out in its warning, cybercriminals take a direct route when it comes to obtaining Social Security numbers, bank account information, credit card numbers, and personal information. They simply ask for the information.
Links are sent via email, and clicking on those links directs users to phishing websites where they are asked to confirm sensitive information. The scams are highly convincing and the websites appear to be legitimate, yet any information entered will be recorded by the scammers.
Christmas phishing scams take many forms, and each year new schemes are developed to fool consumers into revealing their credentials. Common scams include requests to download documents from cloud storage companies, warnings about the need to update software or online bank accounts, and emails claiming to be from the IRS advising consumers that they have an outstanding tax refund waiting for them.
Oftentimes, legitimate domains are spoofed to make emails appear genuine. Emails appear to have been sent from retailers, banks, financial institutions, and other respectable organizations. The emails include the correct branding and logos, are well written, and provide a seemingly legitimate reason for disclosing sensitive information. It is also becoming increasingly common for phishing emails to appear to have been sent from friends, family members or business colleagues. All too often, victims are researched to add legitimacy to the emails.
To avoid becoming a victim of Christmas phishing scams, consumers must be vigilant and should treat all emails as potentially suspicious. In particular, the IRS suggests:
- Never open an email attachment sent from an unknown individual.
- Never click on links in emails if the sender is not known.
- Pay attention to the sender’s email address and look for transposed letters and spelling mistakes.
- Hover the mouse arrow over a hyperlink to check the true destination of the URL.
- Use strong passwords for all online accounts and never reuse passwords.
- Set up multi-factor authentication on email, social media, and financial accounts.
- Use security software that can identify potentially malicious websites and scan emails for malware.
The IRS also reminds consumers that it never initiates contact with consumers via email, social media sites, or text messages to request personal information. The IRS also does not call consumers or businesses with threats of legal action, and legitimate businesses will not ask for sensitive information to be sent via email.
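Two of the manual checks in the list above, hovering over a link to see its true destination and looking for transposed letters in the sender's address, can also be run automatically by a mail filter. The Python below is an added example, not code from the IRS or from this article; the trusted-domain list, the `.example` hosts and the sample HTML are constructed assumptions.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body: the first link shows an IRS address but goes elsewhere.
SAMPLE_HTML = '<a href="http://refund-portal.example/login">www.irs.gov/refund</a> <a href="https://www.irs.gov/">IRS home</a>'

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased host of a URL (scheme optional), without a leading 'www.'."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").removeprefix("www.")

def mismatched_links(html):
    """(visible text, href) for links whose text names one host but whose href goes to another."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href) for href, text in parser.links
            if re.match(r"(https?://)?[\w-]+(\.[\w-]+)+", text) and host(text) != host(href)]

def osa(a, b):
    """Edit distance in which swapping two adjacent letters counts as a single edit."""
    d = [[i + j for j in range(len(b) + 1)] for i in range(len(a) + 1)]  # borders are the base cases
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[len(a)][len(b)]

def lookalike_sender(from_header, trusted=("irs.gov", "mybank.example")):
    """Trusted domain the sender's domain imitates, or None; `trusted` is an assumed, constructed allow-list."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    near = [t for t in trusted if osa(domain, t) <= 1]
    return None if domain in trusted or not near else near[0]
```

A sender domain one edit away from a trusted one (a swapped pair, or a single changed, added or dropped character) is reported together with the domain it imitates; links whose visible text is not an address, such as "IRS home", are left alone.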