CERT mailing list archives

ST15-001: IRS and US-CERT Caution Users: Prepare for Heightened Phishing Risk This Tax Season


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 30 Jan 2015 10:07:46 -0600

NCCIC / US-CERT

National Cyber Awareness System:

ST15-001: IRS and US-CERT Caution Users: Prepare for Heightened Phishing Risk This Tax Season [ https://www.us-cert.gov/ncas/tips/ST15-001 ]
01/30/2015 12:00 AM EST
Original release date: January 30, 2015

Overview

Throughout the year, scam artists pose as legitimate entities—such as the Internal Revenue Service (IRS), other 
government agencies, and financial institutions—in an attempt to defraud taxpayers. They employ sophisticated phishing 
campaigns to lure users to malicious sites or entice them to activate malware in infected email attachments. To protect 
sensitive data, credentials, and payment information, US-CERT and the IRS recommend taxpayers prepare for heightened 
risk this tax season and remain vigilant year-round.

Remain alert

Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy 
organization. In many successful incidents, recipients are fooled into believing the phishing communication is from 
someone they trust. An actor may take advantage of knowledge gained from research and earlier attempts to masquerade as 
a legitimate source, including the look and feel of authentic communications. These targeted messages can trick any 
user into taking action that may compromise enterprise security.

Spot common elements of the phishing lifecycle

  * *A Lure*: enticing email content. 
      * Example 1 [ http://www.irs.gov/pub/irs-utl/phishing_email.pdf ] of an actual phishing email 
      * Example 2 [ http://www.irs.gov/pub/irs-utl/phishing_email2.pdf ] of an actual phishing email 

  * *A Hook*: an email-based exploit. 
      * Email with embedded malicious content that is executed as a side effect of opening the email 
      * Email with malicious attachments that are activated as a side effect of opening an attachment 
      * Email with “clickable” URLs: the body of the email includes a link whose visible text displays as a recognized, 
        legitimate website, though the actual URL redirects the user to malicious content. 

  * *A Catch*: a transaction conducted by an actor following a successful attempt. 
      * Unexplainable charges 
      * Unexplainable password changes 
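The “clickable URL” hook above is the one element of the lifecycle that a mail gateway or a help desk can check mechanically: the link text shows a familiar site while the href goes somewhere else. The following script is an added example and is not part of the US-CERT/IRS tip. It parses an HTML message body, collects every anchor, and flags those whose visible text names a host that differs from the host the href actually resolves to. The sample body, the hostname pattern and the www-stripping rule are constructed for this example.

```python
"""Flag 'clickable URL' lures in an HTML email body.

Added example, not part of the US-CERT tip. For each <a> in the body it
compares the host named in the visible link text with the host in the
href and reports mismatches. Sample input below is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Looks for something resembling a hostname or URL in visible link text
# (constructed pattern; good enough for "www.irs.gov" or "https://irs.gov").
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


def host_of(url):
    """Return the lower-cased host of a URL, adding a scheme if it is missing."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _norm(host):
    """Treat 'www.example.org' and 'example.org' as the same site (assumption)."""
    return host[4:] if host.startswith("www.") else host


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_deceptive_links(html_body):
    """Return [(shown_host, actual_host, href)] for links whose text lies.

    A link is flagged when its visible text names a host and that host is
    neither the href's host nor a parent domain of it. Links whose text is
    plain prose ("Click here") are not flagged by this check.
    """
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        match = HOST_RE.search(text)
        if not match:
            continue
        shown = match.group(1).lower()
        actual = host_of(href)
        if _norm(actual) == _norm(shown) or actual.endswith("." + _norm(shown)):
            continue
        findings.append((shown, actual, href))
    return findings


# Constructed sample body: one lure, one honest link, one "click here" link.
SAMPLE_BODY = """
<p>Your refund is ready. Verify at
<a href="http://irs-refund-verify.example.net/login">www.irs.gov</a>.</p>
<p>Official site: <a href="https://www.irs.gov/">https://www.irs.gov</a></p>
<p><a href="http://198.51.100.23/x">Click here</a> to continue.</p>
"""

if __name__ == "__main__":
    for shown, actual, href in find_deceptive_links(SAMPLE_BODY):
        print(f"LURE: text shows {shown!r} but href goes to {actual!r} ({href})")
```

Run against the sample body, the script reports only the first link: its text reads www.irs.gov while the href goes to a host under example.net. The honest irs.gov link passes, and the "Click here" link is left for a hover check, since its text names no host at all.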

Understand how the IRS communicates electronically with taxpayers

  * The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request 
personal or financial information. 
  * This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other 
financial accounts. 
  * The official website of the IRS is www.irs.gov [ http://www.irs.gov ]. 

Take action to avoid becoming a victim

If you believe you might have revealed sensitive information about your organization or access credentials, report it 
to the appropriate contacts within the organization, including network administrators. They can be alert for any 
suspicious or unusual activity.

Watch for any unexplainable charges to your financial accounts. If you believe your accounts may be compromised, 
contact your financial institution immediately and close those accounts.

If you believe you might have revealed sensitive account information, immediately change the passwords you might have 
revealed. If you used the same password for multiple accounts, make sure to change the password for each account and do 
not use that password in the future.

Report suspicious phishing communications

  * Email: If you read an email claiming to be from the IRS, do not reply or click on attachments and/or links. Forward 
the email as-is to phishing () irs gov, then delete the original email. 
  * Website: If you find a website that claims to be the IRS and suspect it is fraudulent, send the URL of the 
suspicious site to phishing () irs gov with subject line, “Suspicious website”. 
  * Text Message: If you receive a suspicious text message, do not reply or click on attachments and/or links. Forward 
the text as-is to 202-552-1226 (standard text rates apply), and then delete the original message (if you clicked on 
links in SMS and entered confidential information, visit the IRS’ identity protection [ 
http://www.irs.gov/Individuals/Identity-Protection ] page). 

If you are a victim of any of the above scams involving IRS impersonation, please report to phishing () irs gov, file a 
report [ http://www.treasury.gov/tigta/contact_report_scam.shtml ] with the Treasury Inspector General for Tax 
Administration (TIGTA), the Federal Trade Commission (FTC [ https://www.ftccomplaintassistant.gov/ ]), and the police.

Additional Resources

For more information on phishing, other suspicious IRS-related communications including phone or fax scams, or 
additional guidance released by Treasury/IRS and DHS/US-CERT, visit:

  * Avoiding Social Engineering and Phishing Attacks [ https://www.us-cert.gov/ncas/tips/ST04-014 ] 
  * Recognizing and Avoiding Email Scams [ 
https://www.us-cert.gov/security-publications/recognizing-and-avoiding-email-scams ] 
  * Phishing and Other Schemes Using the IRS Name [ 
http://www.irs.gov/uac/Phishing-and-Other-Schemes-Using-the-IRS-Name ] 
  * IRS Repeats Warning about Phone Scams [ http://www.irs.gov/uac/Newsroom/IRS-Repeats-Warning-about-Phone-Scams ] 
  * Report Phishing and Online Scams [ http://www.irs.gov/uac/Report-Phishing ] 
  * Tips for Taxpayers, Victims about Identity Theft and Tax Returns [ 
http://www.irs.gov/uac/Newsroom/Tips-for-Taxpayers,-Victims-about-Identity-Theft-and-Tax-Returns-2014 ] 

To report a cybersecurity incident, vulnerability, or phishing attempt, visit US-CERT.gov/report [ 
http://www.us-cert.gov/report ].

________________________________________________________________________

Author: US-CERT and IRS

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.
