KnowBe4 Scam Of The Week: New Tax Phishing Attack
ALERT: Tax season is in full swing and the bad guys are getting smarter by the month. The current scam works in two steps so watch out for possibly bogus emails for your tax information.
STEP 1: Cybercriminals are sending emails, posing as potential clients, and interested in services from tax professionals. The tax preparer responds, and the bad guys send a second email with a malicious attachment. The tax preparer falls for this social engineering attack and that compromises the machine and now the bad guys “own” the tax preparer’s computer.
STEP 2: The bad guys now use the tax pro’s computer to send out legit looking emails to all the tax pro’ clients and get their financial records sent over to their own email address, so they can quickly file a fake tax return and pocket the money, using the illegally obtained information.
So, when you get any email about your taxes, or your W2 from literally anybody, whether you know them or not, pick up the phone and verify with your known, trusted tax preparer that they actually sent you that email. If you send tax information via email, triple-check that the email address you are sending this to is correct and type it in yourself in the “To” field.
NEVER click on “reply” and attach your tax information, because that reply email address might be spoofed. Want to be 100% safe? Hand-carry your tax info to your preparer and do the tax return in person with them.
Let’s stay safe out there!
Stop, Look, and Think. Don’t be fooled.
The KnowBe4 Security Team
Article provided by KnowBe4