how to know if phishing email Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘how to know if phishing email’

Tax Season May Be Over, But Tax Scams Aren’t

Wednesday, April 17th, 2019

April 15 may have been the last day that people can file their tax returns, but that doesn’t mean that tax scams come to an end. An AllAreaCodes.com analysis of FTC data, “Consumer Warning: Tax Season is Also Peak Robocall Season,” indicates that there is no dip in robocall-related complaints straight after the deadline. This is somewhat surprising, especially when you consider how prevalent phone-based tax scams are.

But it’s not just in the following weeks that you need to watch out for these crimes. The IRS also regularly warns taxpayers ahead of both hurricane season and the October 15 cutoff date for six-month extensions. The agency encourages taxpayers to be aware of fraud throughout the year.

To help keep you safe, let’s take a look at some of the biggest tax scams you can expect to see this year:

IRS Taxpayer Advocate Service (TAS) Spoofing

In March, the IRS warned the public about a modification to the IRS impersonation phone scam. Traditionally, this scam involves a person or a robocaller making an unsolicited call. The scammer says that they are from the IRS and then either demands that victims make payments or hand over sensitive information.

The new iteration of this scheme involves scammers spoofing calls to make it seem as though they are coming from the IRS Taxpayer Advocate Service (TAS). This tactic helps to lure in more victims, because it makes the demands seem legitimate. Convincing people that they are representatives of the TAS makes it easier for criminals to extract money or information from their victims.

To avoid falling for this trick, taxpayers should be aware that the TAS does not make unsolicited calls. If you have not previously reached out to the TAS, then you should assume that any phone call from them is fraudulent.

Tax-themed Malware Scams

This year, IBM X-Force researchers released the details of three major malware campaigns that used tax-related Excel attachments to trick people into installing a banking Trojan on their computers.

Each of these campaigns used social engineering to make the recipients open an attachment that contains Trickbot, a Trojan which is used to steal banking information and other details.

To avoid falling for these scams, you should be aware that the IRS does not contact taxpayers over email, phone, text or social media, to elicit sensitive data. You should ignore any such requests. On top of this, you should ignore unsolicited emails, especially if they contain links or attachments.

Hurricane Tax Scams

Whenever a hurricane or another disaster strikes, scammers take advantage of the situation in a number of different ways. These generally involve unsolicited contact and abusing the goodwill of those who want to help the victims.

The tactics of these criminals range from posing as IRS agents that pretend they will help victims file tax refunds, to impersonating charities and stealing money from people, to even setting up fraudulent charities.

To avoid falling for these scams, disaster victims can visit the IRS’ Tax Relief in Disaster Situations page for information. Those who wish to donate to real charities can use the Tax Exempt Organization Search to verify their legitimacy.

On top of this, they should not give out financial information to those who solicit contributions. This includes things such as credit card numbers, Social Security numbers or passwords. If you are going to donate, make sure you do so with a credit card or a check. This ensures that there is a written record of the donation for your tax deduction.

Tax Extension Deadline Scams

If you thought you could relax as hurricane season begins to wind down, unfortunately that’s not the case. Since October 15 is the last day for those who filed for a six-month extension, many of the above scams roar back to life.

Although people are starting to become more aware of tax-related crimes, not as many realise that they are a year-round occurrence. If you want to stay safe from these and other types of scam, you need to be constantly vigilant and always err on the safe side. Otherwise, you may become the victim of theft, identity fraud or worse.

It’s Tax Season – Watch Out or You’ll Be Paying More than Just Taxes

Thursday, March 14th, 2019

The season is upon us. It’s definitely not Christmas, and there are very few people who would claim that the lead-up to April’s cutoff date is their favorite time of the year. If you thought that paying your dues to the IRS was already enough to worry about, get ready for some bad news:

It’s also scam season.

To celebrate the rising number of fraud and identity theft attempts, the helpful folk at everyone’s favorite government department have just begun their annual ‘Dirty Dozen’ campaign, listing the biggest tax scams that people need to be aware of.

Phishing Is Still King

The first entry on this year’s list is the ever-pervasive phishing scam. The IRS press release warns that phishing attacks “tend to increase during tax season and remain a major danger of identity theft.”

These phishing schemes can take many forms in their attempts to extract sensitive information (such as login credentials or credit card details) from targets. At this time of year, many attackers take advantage of the confusion and target their victims with tax-related scams.

“Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS,” said IRS Commissioner Chuck Rettig in the press release.

“Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”

Organizations Are Being Targeted As Well

It’s not just the individual who is being directly targeted either. Over time, a series of more sophisticated scams have evolved. One of these is known as business email spoofing (BES), which involves attackers sending convincing emails from a faked address.

Another is called business email compromise (BEC), which involves a hacker stealing the credentials of a target’s email account, then sending emails from that account to other victims, impersonating the account’s owner to manipulate these new victims into divulging information or transferring money.

The IRS also states that it is seeing a greater number of advanced scams that target the files of human resources personnel, tax professionals and other organizations. These targets tend to have extensive amounts of their clients’ financial information, which hackers chase after in a number of different ways.

The hackers may pose as an employee and ask for a deposit to be rerouted to another account, act as a business and ask their target to pay a fraudulent invoice, or even pretend to be one of the victim’s associates and trick the victim into transferring money into the hacker’s account.

Due to the growing sophistication of these scams and their proliferation at this time of year, the IRS has warned tax professionals to be on high alert for any suspicious or unusual activity.

Keeping Yourself, Your Organization or Your Clients Safe

As part of the IRS’s campaign on combating identity fraud, it launched the Security Summit, a conference of various stakeholders aimed at coming up with solutions and mitigation strategies.

Some of the summit’s recommendations include raising awareness about spear phishing and how to recognize it, encrypting all sensitive client data and implementing strong password strategies.

If you or your organization come across any phishing attempts that impersonate the IRS or related organizations, you should report the scam to phishing@irs.gov.

How to Know if an Email is a Phishing Scam or Not

Tuesday, November 20th, 2018

Phishing scams are a major threat to all email users, especially businesses. The scary part is that they’re becoming increasingly sophisticated. Phishing emails popped up sometime in the early 90s. However, back then, they weren’t too hard to detect. For instance, typos were commonplace in an old-school phishing mail, and that was a dead giveaway.

Of course, this was a long time ago, when email was still in its infancy. Times have changed and today’s cybercriminal has changed with the times. Their tactics have evolved and phishing emails are far more convincing than they used to be. They are well written and personalized. Hackers and cybercriminals already have a rough idea of who you are, and that means today’s phishing emails are targeted.

Today’s phishing emails also look authentic; they replicate legitimate emails in terms of design and aesthetic. In fact, at first glance, you wouldn’t know the difference between a real email from your bank and a fraudulent version. Needless to say, this makes fighting phishing scams a major challenge.

On the rise

According to data from the RSA, phishing attacks are only growing, and this is despite an increase in user awareness. One major reason for this growth is the simplicity of executing such scams. Malware developers now offer automated toolkits that scammers can use to create and host phishing pages with the utmost ease.

It is estimated that each phishing attack manages to extract an average of $4500 in stolen funds.

So, the big question is – how does one protect their email, especially at a time when phishing scams are evolving? Well, here is what the experts have to say.

Never trust just a name

A common tactic used by scammers is spoofing the display name in an email. According to a study done by ReturnPath, around 50% of 760,000 email threats targeting some of the world’s biggest businesses had made use of this tactic.

This is how it works: let’s say a scammer spoofs a brand name such as “Nike.” The sender of the email may look something like “Nike <nike@customersupport.com>.” But, even if Nike doesn’t actually own the domain “customersupport.com,” DMARC and other email authenticity and anti-fraud tools will not block the mail. This is because the email is legitimately from customersupport.com, even though this domain has nothing to do with Nike. There is no authentication for the “comment” that goes along with the email address (in this example, that is the word “Nike”).
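A check for the display-name mismatch described above, as an added example that is not part of the original post: it flags a From header whose display name mentions a brand while the address domain does not belong to that brand. The brand-to-domain map, the function names and the sample headers are assumptions constructed for the example.

```python
import re
from email.utils import parseaddr

# Hypothetical allow-list: brand keyword -> domains that brand really sends from.
# These entries are assumptions for the example, not data from the article.
BRAND_DOMAINS = {
    "nike": {"nike.com"},
    "irs": {"irs.gov"},
}

def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def spoofed_brand(from_header):
    """Return the brand named in the display name when the address domain
    does not belong to that brand; otherwise return None."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    # Compare whole words so "First Bank" does not match "irs" as a substring.
    # Splitting on non-alphanumerics also catches an address used as the
    # display name, e.g. "support@nike.com".
    words = set(re.findall(r"[a-z0-9]+", display.lower()))
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in words and not domain_matches(domain, allowed):
            return brand
    return None

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Nike <nike@customersupport.com>",               # the article's example
    "Nike <news@email.nike.com>",                    # genuine subdomain
    '"support@nike.com" <promo@customersupport.com>',
    "First Bank <info@firstbank.example>",
    "IRS Refunds <refund@tax-help.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:55} -> {spoofed_brand(header)}")
```

Such a check belongs after SPF, DKIM and DMARC evaluation, since those authenticate only the domain; display names sent as RFC 2047 encoded words would need decoding before the comparison.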
