Threat Alert: 2024 Tax Season Themed Lures 

• Cybercriminals have launched a series of various phishing attacks claiming to be communications pertaining to the 2024 tax season. 
• These lures impersonate various entities involved with tax filings and include multiple malicious objectives (e.g., malware deployment and credential theft). 
• During tax seasons, people are more likely to fall for tax-related scams as cybercriminals exploit submission deadlines to create a sense of urgency and prompt users to click on potential threats. 
• As tax deadlines approach, it is probable tactics will evolve to incorporate notifications about approaching deadlines to elicit a sense of urgency for action. 

Key Actions (at Work and at Home) 

• Keep in mind that cybercriminals regularly abuse legitimate services like those involved with tax filing. Abusing legitimate services gives cybercriminals and their lures an additional air of legitimacy. If you see an unexpected email linking you to an unknown document, it should be regarded as potentially malicious. 
• Remember that cybercriminals commonly leverage current events in phishing attacks. Annual events like tax season give cybercriminals time to prepare, as well as allowing them to take advantage of the potential stress or urgency this time of year can bring. 
• Don’t confuse familiarity and safety. It’s easy for attackers to abuse well-known logos and brands. Attackers can easily craft emails that mimic known tax-related services in tone and branding. 
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.