National Cyber Awareness System: 01/30/2015 12:00 AM EST
Original release date: January 30, 2015
OverviewThroughout the year, scam artists pose as legitimate entities—such as the Internal Revenue Service (IRS), other government agencies, and financial institutions—in an attempt to defraud taxpayers. They employ sophisticated phishing campaigns to lure users to malicious sites or entice them to activate malware in infected email attachments. To protect sensitive data, credentials, and payment information, US-CERT and the IRS recommend taxpayers prepare for heightened risk this tax season and remain vigilant year-round. Remain alertPhishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. In many successful incidents, recipients are fooled into believing the phishing communication is from someone they trust. An actor may take advantage of knowledge gained from research and earlier attempts to masquerade as a legitimate source, including the look and feel of authentic communications. These targeted messages can trick any user into taking action that may compromise enterprise security. Spot common elements of the phishing lifecycle
Understand how the IRS communicates electronically with taxpayers
Take action to avoid becoming a victimIf you believe you might have revealed sensitive information about your organization or access credentials, report it to the appropriate contacts within the organization, including network administrators. They can be alert for any suspicious or unusual activity. Watch for any unexplainable charges to your financial accounts. If you believe your accounts may be compromised, contact your financial institution immediately and close those accounts. If you believe you might have revealed sensitive account information, immediately change the passwords you might have revealed. If you used the same password for multiple accounts, make sure to change the password for each account and do not use that password in the future. Report suspicious phishing communications
If you are a victim of any of the above scams involving IRS impersonation, please report to phishing@xxxxxxx, file a report with the Treasury Inspector General for Tax Administration (TIGTA), the Federal Trade Commission (FTC), and the police. Additional ResourcesFor more information on phishing, other suspicious IRS-related communications including phone or fax scams, or additional guidance released by Treasury/IRS and DHS/US-CERT, visit:
To report a cybersecurity incident, vulnerability, or phishing attempt, visit US-CERT.gov/report. Author: US-CERT and IRS This product is provided subject to this Notification and this Privacy & Use policy. |