What is the threat?
The IRS warned taxpayers, businesses, and tax professionals about the ongoing threat of internet phishing campaigns that lead to theft of their sensitive information through its ‘Dirty Dozen Campaign’. To protect taxpayer’s confidential data against scams, the IRS highlights one scam on twelve consecutive week days to help to improve awareness among the taxpayers. Phishing scams are the first of the 2019 “Dirty Dozen” scams released by IRS.
Why is this noteworthy?
IRS has mentioned that criminals work to victimize tax payers through various legitimate-looking fake emails with convincing website landing pages. The IRS also mentioned that criminals target financial information available in the files of tax professionals, payroll professionals, human resources, schools, and organizations information such as W-2 forms. Malicious actors may use the email credentials from a compromised account to send phishing emails to the victim’s email contacts.
What is the exposure or risk?
The sensitive data of an individual can be stolen by the malicious attackers. Moreover, successful data breach may have severe impacts to the affected individual or organization and can result in the loss of sensitive or proprietary information, financial losses and potential harm to reputation.
What can you do?
SkOUT recommends to watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. To enhance security, it is recommended to not open unverified attachments or click on links in emails. If a taxpayer receives an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, it should be reported to firstname.lastname@example.org.
For more in-depth information about the recommendations, please visit the following link:
If you have any questions, please contact our Secure Intelligence Center.