With tax deadline quickly approaching, more problems than just tax forms are on the horizon. Many cyberattacks are now targeting users with emails that look almost identical to legitimate TurboTax and IRS communications.
So how do you know what to look for and what is phishing anyway? Simply put, “phishing” refers to attackers attempting to get personal information (names, account numbers, credit card information, addresses, and other identity information) from a victim by pretending they are a legitimate source. Anytime you receive an email from a company asking you to verify information, first ALWAYS ask yourself if you have ever actually created an account with that company. If you prepared your taxes with an accountant and you get an email asking you to verify TurboTax information, chances are that the email is malicious. If you think that an email may be suspicious it is best to:
1. NEVER open any attachments in the email.
2. Do NOT forward the email to anyone else.
3. Do NOT click on anything in the email including pictures, videos, buttons, and links.
4. If you think the email MAY be legitimate, contact the sender by phone (not by phone number listed in the email). Search that company’s name on Google, Bing, or Yahoo! and get the correct information from their own website. Then verify the email you are looking at is legitimate.
Sometimes, even the most educated users can be fooled by attacks. Cybercriminals are constantly evolving their attacks and even targeting specific individuals rather than mass mailing random accounts. Some general best practices for protecting yourself from even the most sophisticated include: making sure that your operating system and browser are updated to the latest version, you have an updated anti-virus AND anti-malware software, and you always access the internet from known and trusted networks.
Here are some additional things you can do to protect yourself from a phishing attack:
1. Always have passwords on your computer and any important software. Make sure those passwords are not kept in plain sight and never share them with anyone.
2. Never click on any links in an email that redirect somewhere other than the sender’s website. A simple way to see where the link points is to either mouse over it or look in the bottom bar of your browser for the full url.
3. Make sure you keep up to date on the latest releases and patches for your operating systems. Run Windows update often on your computer or enable automatic update delivery. Same applies for Apple/Mac operating systems.
4. Make sure you are using an updated web browser that includes anti-phishing features, such as Internet Explorer 10, Microsoft Edge, Firefox version 45, Safari version 9.0.3, or Chrome version 49.
5. Do NOT open up any attachments that claim to be a software update, invoice, or bill. Legitimate companies will provide a secure link to their portal with any of this information.
6. NEVER respond to emails asking for account, password, banking, or credit card information.
7. Do not respond to calls or texts asking you to call a number and enter your account number, social security number, or pin. Legitimate companies and government agencies will NOT call you to verify critical information such as your account, credit card, or social security numbers.
8. Do not allow anyone to remotely log into your computer to install updates, patches, or modify your system in any way unless you can verify they actually work for a company you do business with. Legitimate companies will also never ask you to send them money through sources such as Western Union, Moneygram, or Bitcoin.
