In February 2021, the Internal Revenue Service (IRS) published an alert regarding a new tax phishing scam. According to the alert, the malicious actor is impersonating the IRS and attempting to steal personally identifiable information, such as Electronic Filing Identification Numbers (EFINs) and driver's license numbers. According to IRS Commissioner Chuck Rettig, attempts like these are coming from bad actors who are "very active and very creative."
Why tax season scams?
According to Tandem's 2020 State of Cybersecurity survey, respondents said the top incident they experienced in 2019 was phishing. Bad actors use current and relevant lures to trick unsuspecting users into sharing confidential information. Phishing is not specific to tax season, but because tax season affects almost everyone and involves highly sensitive information, each new tax season is expected to bring new (and creative) phishing scams. Attackers like to exploit timely opportunities to steal information, compromise identities, and financially profit from human error.
What can you do?
As we move further into tax season, now is the right time to get your team ready with a relevant phishing test. Practicing can help ensure your employees remain mindful of these scams and vigilant against real attacks.
If you are subscribed to Tandem Phishing, or would like to have a free trial (see below for details), you can set up a campaign today designed specifically to verify employee preparedness for a scam similar to the one described by the IRS.
Here is what you get in our tax-themed phishing template:
- The ability to send your test phishing email from an unfamiliar sender.
- The same subject as the official phishing scam ("Verifying your EFIN before e-filing").
- A variation on the sender's name and branding (i.e., sent from a third party, instead of the IRS).
- A similar email message and calls-to-action as the original scam.
- Multiple links in the email body and footer to offer multiple click opportunities.
- A matching landing page form, to take the test a step further in verifying an employee's preparedness.
- The ability to run reports on who passed or failed the test.
Are your employees ready?
To send this test to your employees, sign in to your Tandem account and create a campaign. If you are not a current Tandem Phishing customer, send an email to firstname.lastname@example.org to request a 30-day free trial. The free trial will give you full access to test your employees with this message (and more) at no cost.
Phishing emails are a top threat to any organization's security, and employees play an essential part in combating them. With timely and relevant campaigns, educational landing pages, and follow-up training opportunities, Tandem Phishing is the perfect complement to your security awareness training program.