This content is viewable by Everyone

Mar 2023: Global Phishing Campaigns Using Tax Season Lures

Threat Alert: What to Watch For

  • Cybercriminals have launched numerous, different phishing attacks using timely tax-themed lures. 
  • As multiple attacks are leveraging this topic, the lures will appear different. Lures may attempt to impersonate tax or revenue agencies, as well as companies or individuals asking for or offering to provide tax-related services. 
  • Watch for telltale signs of phishing attacks, including mismatches between an email’s sending address and the alleged sender, numerous or blatant typos, or strong appeals to emotion (such as threats of tax-related fines), or familiar looking login pages with unfamiliar URLs.
  • Be wary of emails that appear to start in the middle of a conversation and ask you to download a file or follow a link.

Key Action: Report Suspicious Emails

  • Report ANY suspicious emails using the Phish Alarm button in your email menu bar. 
  • Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above. 
  • If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part. 
  • If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it. 

Tips to Remember (at Work and at Home)

  • Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.  
  • Remember that cybercriminals commonly leverage current events in phishing attacks. Annual events like tax season give cybercriminals time to prepare, as well as allowing them to take advantage of the potential stress or urgency this time of year can bring. 
  • Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link, download a file, or asks you to provide credentials. It can be tempting to click on a “call-to-action.” But if you notice a subtle change or inconsistency within a message, don’t ignore it—report it. 
  • Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs, as are login pages that may contain organizational branding but have strange or unfamiliar URLs. Additionally, organizations misspelling or incorrectly styling their own names should always be considered a warning sign.
a phishing message with a tax lure


Phishing Message with Tax Lure