It's fair to say that most of us dread doing our taxes every year, but there is another reason to loathe tax season. Every year during tax season people are barraged with email threats containing everything from phishing scams to Cryptlocker viruses. According to the IRS, there has been approximately a 400% surge in phishing and malware incidents in 2016 so far. (https://www.irs.gov/uac/Tax-Scams-Consumer-Alerts)
Earlier this month we warned you about a phishing scam that requested W2s to be sent to an fake CEO email account (read the warning here). This week there is a new phishing scam that is specifically targeting TurboTax users.
TurboTax customers receive an email that asks them to log into their account. We have seen at least three different variations of this email asking the user to either verify their identity, reset their password and user name or opt out of having TurboTax send promotional material to their family and friends. If an unsuspecting victim clicks on the link it will take them to a TurboTax impostor website. When the user enters in basic information such as username and password, the hacker immediately receives access to an enormous amount of personal information, including their name, address, and social security number.
In addition to reporting the scams, users need to proactively take appropriate measures to protect themselves from these threats.
You can protect yourself by understanding how phishing emails gain their information and learning about current threats will immediately be your first line of defense. Hilltop Consultants offers free security training to businesses, associations and nonprofits so that they can stay one step ahead of the criminals. Companies should also consider investing in tools such as Reflexion and OpenDNS. Reflexion recognizes current threats, and will block these emails from getting to your inbox in the first place and OpenDNS is able to spot malicious websites in real time and will not allow you or your employees to access these sites.