It’s Phishing Season

Charlotte Empey, 29 March 2018

Tax season IS phishing season — here’s your survival guide to make it out alive.

At this very moment, your inbox is teeming with them. Like an annual migration upriver, phishing emails swim their way into the inboxes of all Americans when tax season rolls around. Every January 1st through April 15th, cybercriminals blitz the public with their most clever deceits. They pose as someone you know or an institution you use, stating in an official-sounding way that “there’s a problem with your account, just click here to clean it up.” That’s their bait. It’s all decoy.

And while some can be spotted a mile away, others may catch you off-guard. Phishing uses a tactic called social engineering, which plays on your deeper subconscious instincts. The crooks are trying to lull you with routine language and requests, using a tone of authority that sounds familiar. On the surface, this seems easy to recognize and avoid; but in our most distracted moments, we are all susceptible to being fooled by this.

Casting a wider net this year

Phishing is such a national problem that the IRS has put phishing schemes at the top of its “Dirty Dozen” list of tax scams. It may be, though, that the public is catching on and clicking less, because the phishing underworld has unleashed a new arm of attack this year — a W-2 identity theft scam, targeting finance-related roles in the professional sector. The phony emails claim to be from a boss, a co-worker, or a payroll provider, requesting the data one would find on a W-2: names, Social Security numbers, home addresses, and salaries.

Other similarly deceptive efforts try to lure additional information from you, including your username and password, either by having you log in to a fake, similar-looking site or by asking you to email the information to them. Or they include an attachment to download, and when you click it, your computer or phone could be instantly compromised.

Learn what phishing looks like

Save yourself from falling victim to the feeding frenzy this tax season by keeping these tips in mind should any suspicious-looking emails begin nibbling at your line:

  • Look at the return address carefully. The easiest phonies to identify are the ones where the email address has nothing to do with the company the email claims to be from.
  • Do not click, download, or reply. If the email seems to be coming from a person or institution you know, yet you still smell something phishy, do not click any links, download any attachments, or even reply to that email. Instead, contact those entities through a separate channel and ask if the email came from them.
  • Question all “too good to be true” offers. As the saying goes, all that glitters is not gold. And that’s definitely the case when it comes to emails during tax season.
  • Use client portals when possible. As a preventative measure, keep all your data as private as possible. Use a direct client portal with your accountant if they offer one. And remember, nothing beats a VPN when it comes to preserving privacy and encrypting your internet connection when you are uploading your data.
  • Delete suspicious emails. Get rid of them right away. Don’t let them stay there to be mistakenly opened in the future.
  • Use strong passwords. Keep your own security as tight as possible with strong passwords that are each unique to their own accounts.

You can also download and install a good antivirus, like Avast Free Antivirus for consumers or our business-grade endpoint protection, Avast Business Antivirus Products. All of these will alert you to any bad files trying to worm their way into your system or your clients’ systems. Train yourself and your clients to recognize the signs of a phishing scam and not be fooled. It’s important year-round, but super-important at least until tax day.