US Tax Season Phishing Scams and Malware Campaigns

added March 16, 2011 at 11:32 am

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include, but are not limited to, the following:

information that refers to a tax refund
warnings about unreported or under-reported income
offers to assist in filing for a refund
details about fake e-file websites

These messages which may appear to be from the IRS, may ask users to submit personal information via email or may instruct the user to follow a link to a website that requests personal information or contains malicious code.

US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing scams and malware campaigns:

Do not follow unsolicited web links in email messages.
Maintain up-to-date antivirus software.
Refer to the IRS website related to phishing, email, and bogus website scams for scam samples and reporting information.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Review the Wall Street Journal blog post "Cybercrooks Digging for Tax Data" for additional suggestions for protecting against these types of attacks.