Skip to main content

Tax Season Attacks – Part 2, Phishing

March 09, 2016

Tax season is officially upon us, and with it brings out a host of scams against taxpayers. In this blog series we explore three specific attacks: phishing, shoulder surfing and dumpster diving. Read part one for a high level synopsis of each type of attack.  

In this post we examine phishing scams featuring attackers trying to impersonate the Internal Revenue Service (IRS).

The Attack

The tax season brings phishing emails crafted specifically to attract all those who file their taxes online. Phishing scammers send emails claiming to be from either the IRS or well-known tax preparation companies, offering links as click bait. These links lead to attacker-controlled websites that ask for personal information, filing status, ordering transcripts and verifying PIN information. The IRS has renewed their consumer alert for e-mail related schemes after seeing a 400 percent surge in malware and phishing attacks this tax season.

The IRS does not initiate conversations by email due to disclosure requirements. This is true in all situations – in tax returns as well as for audits. Attackers gamble that targets do not know this about the IRS, and create legitimate-looking emails and web pages, using IRS marks and terminology, in order to entice them to enter personally identifying information as well as financial information.


User awareness is paramount for preventing tax phishing attacks. User education is a process – and seminars or informational documents for security awareness that are released near tax season should provide information specifically targeted toward tax-related scams.  Tax-themed phishing scams are common. You should be aware that the IRS does not initiate communications via email, and that they do not link to websites that directly request payment information via email. General phishing prevention best practices also apply here, including not clicking on links or downloading any attachments from unknown or suspicious emails. If you are aware of what to look out for, you will be less likely to fall for something specific that you know to be a scam. In addition, employers should also educate users on internal procedures for reporting phishing scams, in case attackers target employees at their business addresses.

In addition to user awareness, technical protections against phishing and malware can also help thwart tax-related scams. You should always use security software with firewall and anti-virus protections enabled and updated when filing your taxes. You should only prepare taxes on machines on which the operating system and all end-user software have been fully patched. In case a phishing attacker attaches a malicious document or includes an exploit on a destination website, these measures can mitigate the damage.

From a corporate perspective, content filtering can help prevent employees from being attacked by tax scammers at work. Consider a policy of default-deny for all unknown web domains. That way, since many phishing domains are new and untested from a perspective of content filtering solutions, access to those phishing domains can be blocked before users have a chance to surrender their personal information to attackers.

Continue to part three: shoulder surfing.

    Nicolle Neulist

By: Nicolle Neulist

Intelligence Analyst

See More

Related Blogs

March 23, 2016

Tax Season Attacks – Part 4, Dumpster Diving

Dumpster diving is the practice of combing through commercial or residential waste to find items that have been discarded by their owners. During tax ...

See Details

March 17, 2016

Tax Season Attacks – Part 3, Shoulder Surfing

Shoulder surfing certainly is not the most technical form of identity theft, but it has been an effective means to commit fraud. Shoulder surfing is t...

See Details

February 29, 2016

Tax Season Attacks – Part 1

It’s the same routine every year during tax season, employers send out important tax information such as W-2s to their employees, television and radio...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.