5 Security Scams During Tax Season

#1 Fake IRS Emails / Calls

Believe it or not the IRS does not often send you an email or call you saying you have taxes owed, nor do they try and "give you tax refunds" if you give more information.  This is a very common threat so use suspicion of any email that comes from the IRS, and verify details that I will cover at the bottom of this blog.

#2 Fake COVID-19 Emails / Calls - American Rescue Plan

With the passage of the American Rescue Plan, there's a lot of questions regarding what people qualify for, what they need to do in order to receive their tax refunds... etc.  That information is best obtained from direct sources such as https://www.whitehouse.gov/american-rescue-plan/ or from personal tax preparers / financial officers within your organization.  You certainly won't be seeing this within your business email for your personal taxes - so if you see an email talking about that, report it to your IT Security Team so they can best investigate the potential threat.

#3 Fake Tax Refunds - Similar to Above

The same regarding tax refunds from unknown sources... do not trust them.  Again, look for proper sources of information, such as .gov agencies, or if confused reach out to IT Security Professionals or Tax Preparers / Financial Employees.  This is a common fake email sent to get users to click to pull information.

#4 Fake "You're Infected" Emails / Calls

Just because you received an email / call from an unknown source saying they've hacked you... it does not mean you've been hacked. This is a common method for cybercriminals to try and gain access to your system.  If you feel that you *might* be hacked, talk to a trusted security advisor / Support Tech you DO know (or even reach out to London Security Solutions).

#5 Fake Patches / Updates Emails

With attacks like the SolarWinds Hack succeeded because of users not being properly patched... but just because that is a real hack, doesn't mean that you should patch immediately (or click a link) in an email telling you to patch your system.

General Fake Email Things

  • Don't click links you don't know where they go.  Verify the source of the link by reviewing it prior to clicking the link.
  • If you do not know the source of the email, do not trust it.  Assume that an email from a non-trusted source is suspect.
  • If it sounds too good to be true, it probably is not true.
  • If it sounds too scary to be real... it probably is not real. And if it is... it is better to instead pause and ask a trusted security advisor rather than clicking a link you don't know.
    • Note here - there are many real security threats that sound scary, solidifying why you should reach out to a trusted security advisor.