Educause Security Discussion mailing list archives
Tax-themed phishing exercises
From: "Hassler, Karl D." <khassler () UDEL EDU>
Date: Thu, 19 Apr 2018 19:49:06 +0000
Just an FYA for those of you engaged in phishing exercises with your communities:

The IRS strongly discourages tax-themed phishing exercises because they can end up being reported to phishing () irs gov and divert agency attention and personnel from investigations of actual phishing scams. They've had incidents where organizations construct payroll-themed lures which make employees/recipients believe they are victims of a stolen identity refund fraud (SIRF) or the business email compromise (BEC) / business email spoofing (BES) W2 scam. Recipients promptly emailed phishing () irs gov, called the IRS, contacted their tax professionals, etc., which generated a lot of confusion.

Remember, you want to get people's attention and reinforce best practices. If you're too convincing, you can set off an Orson Welles-like panic. Tax phishes, especially at this time of year, have the potential to elicit calls to the IRS.

TLP: Amber

Karl Hassler, CISSP
Director, IT Security Policy & Compliance
302-831-3750
302-489-9788