
How Phishing Scams Work During Tax Season
Phishers often spoof the IRS or payroll services to trick you into opening a “W-9” or tax-form PDF that contains malicious macros—Emotet being the most notorious example. Researchers have observed Emotet delivered via fake W-9 attachments that, once enabled, unleashed a Trojan capable of stealing credentials and deploying further malware. As tax-deadline urgency rises, attackers also leverage exploit kits on compromised websites to silently install Emotet when users visit infected pages.
Phishing scams mimic legitimate IRS notices or tax-software alerts. They often:
Use urgent language (“Act now or risk penalties!”) and ask you to enable macros in attachments.
Spoof sender addresses (e.g., noreply@irs.gov) and embed links to fake IRS portals.
Include “W-9” or “1099” forms to lure professional filers and small-business owners.
7 Steps to Protect Your Data and Your Refund
Verify Before You Click
Never open tax-related attachments without confirming the sender. If in doubt, call the IRS or your tax preparer directly—don’t use contact info in the email.
Disable Macros by Default
Office macros are a common Emotet vector. Keep macros off, and only enable them for files you’ve personally requested from a trusted source.
Check URLs Carefully
Hover over links to see the true destination. Legitimate IRS sites begin with “https://www.irs.gov” and display the padlock icon.
Use Strong, Unique Passwords + 2FA
Enable two-factor authentication on tax software and email accounts. Even if credentials leak, a second factor stops most account takeovers.
Keep Software Patched
Regularly update your OS, browser, and antivirus software so exploit kits on malicious sites can’t slip through unpatched holes.
Stay Informed on New Tactics
Follow IRS alerts and reputable security blogs (e.g., Infosecurity Magazine) for the latest phishing and malware campaigns.
Report Suspicious Messages
Forward IRS phishing attempts to phishing@irs.gov and report to the FTC at ftc.gov/complaint. Early reporting helps block campaigns and protect others.
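An added illustration of the “Check URLs Carefully” step (not code from the original article): a link can start with the text “https://www.irs.gov” and still lead to a different host, so a mail filter or helpdesk script should test the parsed hostname rather than the leading characters. Accepting subdomains of irs.gov is an assumption, and the sample links are constructed.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "irs.gov"  # domain named in the article; subdomains allowed (assumption)


def naive_prefix_check(url: str) -> bool:
    """'Begins with https://www.irs.gov' expressed as a plain string test."""
    return url.startswith("https://www.irs.gov")


def is_irs_url(url: str) -> bool:
    """True only for HTTPS URLs whose host is irs.gov or a subdomain of it."""
    url = url.strip()
    # Backslashes and control characters are parsed differently by different
    # clients, so treat them as untrustworthy rather than guess.
    if any(c == "\\" or ord(c) < 0x20 for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample links (example.com and .example are reserved test names).
SAMPLES = [
    "https://www.irs.gov/refunds",               # genuine host
    "https://www.irs.gov.example.com/refunds",   # irs.gov is only a subdomain label
    "https://www.irs.gov@example.com/refunds",   # text before '@' is userinfo, not host
    "https://www.irs.gov-refund.example/login",  # hyphenated lookalike domain
    "http://www.irs.gov/refunds",                # right host, no TLS
]


def audit(urls):
    """Return (url, prefix_result, host_result) for each link."""
    return [(u, naive_prefix_check(u), is_irs_url(u)) for u in urls]


if __name__ == "__main__":
    for url, naive, strict in audit(SAMPLES):
        print(f"prefix={naive!s:5} host={strict!s:5} {url}")
```

Rows where the prefix test passes and the host test fails are the ones a hover-and-glance check is most likely to miss.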
Beyond Phishing: Emerging Threats
Tax-season fraud is evolving:
AI-Powered Scams: Attackers now use deepfake audio and AI-generated emails to impersonate colleagues or IRS agents.
Ghost Preparers: Uncredentialed tax preparers demand fees, steal your return, then vanish—always verify your preparer’s PTIN.
By staying skeptical of unsolicited tax emails, disabling macros, patching promptly, and reporting scams, you can outsmart attackers and protect both your identity and your refund this tax season.
