Educause Security Discussion mailing list archives
Re: Tax-themed phishing exercises
From: "Dixon, Cameron" <cameron.dixon () HQ DHS GOV>
Date: Fri, 20 Apr 2018 16:18:05 +0000

Two statutes worth being aware of with regard to tax-themed phishing:

* https://www.law.cornell.edu/uscode/text/31/333
* https://www.law.cornell.edu/uscode/text/18/709

One is Treasury-specific, but IRS takes these very seriously!

The U.K.’s NCSC has great commentary on phishing your users, which really resonates with me: https://www.ncsc.gov.uk/blog-post/trouble-phishing

- - - -
Cameron

________________________________
From: The EDUCAUSE Security Constituent Group Listserv on behalf of Boyce, Rori
Sent: Friday, April 20, 2018 8:51:54 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Tax-themed phishing exercises

This makes perfect sense, thanks for the heads up!

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Hassler, Karl D.
Sent: Thursday, April 19, 2018 3:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Tax-themed phishing exercises

Caution - External Email
________________________________

Just an FYA for those of you engaged in phishing exercises with your communities:

The IRS strongly discourages tax-themed phishing exercises because they can end up being reported to phishing () irs gov and divert agency attention and personnel from investigations of actual phishing scams.

They’ve had incidents where organizations construct payroll-themed lures which make employees/recipients believe they are victims of a stolen identity refund fraud (SIRF) or the business email compromise (BEC) / business email spoofing (BES) W2 scam. Recipients promptly emailed phishing () irs gov, called the IRS, contacted their tax professionals, etc., which generated a lot of confusion.

Remember, you want to get people’s attention and reinforce best practices. If you’re too convincing, you can set off an Orson Welles-like panic. Tax phishes, especially at this time of year, have the potential to elicit calls to the IRS.

TLP: Amber

Karl Hassler, CISSP
Director, IT Security Policy & Compliance
302-831-3750
302-489-9788