Drake Software blog for tax pros, covering tax, IRS news, and more

How to Recognize a Phishing Email Scam

How to Recognize a Phishing Email Scam

Protecting Your Data

As we hurtle into the holidays, rest assured the hackers and fraudsters are working feverishly to put the bow on their newest phishing email scam. And it’s aimed squarely at you.

Phishing attacks use email or malicious websites to trick users into divulging their personal information. Many times the criminal manages to fool someone into believing the phishing email is from someone they trust. The emails may even have the look and “feel” of authentic communications.

Despite the message the holiday season carries for us all, when it comes to emails, a healthy dose of skepticism will go a long way toward protecting your data. Even if an email is from a known source, use caution, because cybercrooks are very good at mimicking trusted businesses, family and friends.

Here are six examples of email phishing scams. Any attempt to get your information illegally could use one of these schemes, or a combination. Here’s what should set off your alarm bells (and it won’t be Santa):

  • Emails requesting personal information. The thief might ask for bank account numbers, passwords, credit cards and Social Security numbers. This is the most common way thieves steal data.
  • An email urgently warning the recipient to update online financial accounts at a hyperlink provided in the email. The link goes to a fake site. Never click on a link provided in an unsolicited email – even from a trusted source.
  • A message with an email address spoofing a familiar address to look like trusted businesses, friends and family. The fake address has a slight change in text, such as name@example.com vs narne@example.com. Merely changing the “m” to an “r” and “n” can trick people.
  • Emails saying the recipient has a tax refund waiting at the IRS or that the IRS needs information about insurance policies. The IRS doesn't initiate spontaneous contact with taxpayers by email to request personal or financial information.
  • The message has hyperlinks that take someone to a fake site. In one example, the email says: “Following recent calculations, we notice that you are eligible to receive a tax refund. In order to start the refund procedure, please visit this link and follow the steps required.” The link goes to a fake site. The IRS doesn’t send emails asking for refund verification.
  • The message includes a PDF attachment that may download malware or viruses. Never open an attachment from a suspicious email address.

This is National Tax Security Awareness Week. The Internal Revenue Service, along with the volunteer members of the Security Summit, urge all tax professionals to take this time between tax seasons to contemplate their cyber-security measures.

For more information on phishing email scams, check out Protect Your Clients, Protect Yourself, the tax pro’s first stop when looking for information on being secure.

Bob Williams

Forget genes; I’ve got words in my DNA. Communication has been part of who I am nearly all my life. From a long career in radio news to another one in newspapers – and a University of Georgia journalism degree sandwiched between the two – language has been my life. I’ve also been fortunate to have learned the tax business from the ground up here at Drake, starting with 1040.com online forms some years ago before moving on to work on the Web. In all things tax-ish, we aim to give you tools you can use.