Don’t take the bait; Avoid phishing emails

INDIANAPOLIS – The Indiana Department of Revenue (DOR) encourages all Hoosiers to be on the lookout for new, sophisticated email phishing scams as data breaches reach an all-time high. Phish scams not only endanger someone’s personal information, but they can also affect a customer’s tax refund.

The most common way for cybercriminals to steal a taxpayer’s bank account, password, credit card or Social Security number is to simply ask for it. Every day, people fall victim to phishing scams that cost them time and money.

Emails urgently warning customers to update their online financial accounts are fake, as are emails directing customers to download a document from a cloud-storage provider. Emails suggesting customers have a $64 tax refund waiting at the Internal Revenue Service (IRS) or implying the IRS needs information about the customer’s insurance policies? Fake.

Phishing attacks use email or malicious websites to gather personal, tax or financial information by posing as a trustworthy organization. In many successful phishing attacks, recipients are fooled into believing the phishing communication is from someone they trust.

A cybercriminal may take advantage of knowledge gained from research or earlier attempts to masquerade as a legitimate source, including the look and feel of authentic communications using agency or business logos. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data.

Some phishing emails will appear to come from a business colleague, friend or relative. Criminals may have compromised your friend’s email account and are using their email contacts to send phishing messages.

Not all phishing attempts are email scams – some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card.

Phishing attacks, especially online phishing scams, are popular with criminals because there is no fool-proof technology to defend against them. Customers are the main defense. When customers see a phishing scam, they shouldn’t take the bait.

 Want to know how to avoid an attack? Here are a few steps to take:

  • The IRS and DOR do not contact customers by email to request personal or financial information. Neither the IRS nor DOR will send text messages, use social media channels or call taxpayers with threats of lawsuits or arrests.
  • Always be on alert and be skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, approach with caution. Cybercrooks are skilled at mimicking trusted businesses, friends and family.
  • Use security software to protect against malware and viruses. Some security software can help identity suspicious websites that are used by cybercriminals.
  • Use strong passwords to protect your online accounts.  Each account should have a unique password. Criminals count on people using the same password repeatedly, giving them access to multiple accounts if they steal your password.
  • Use multi-factor authentication when offered. Two-factor authentication means in addition to entering your username and password, you must enter a security code generally sent as a text to your phone. Even if a thief manages to steal your username and password, it’s unlikely he or she would also you have your phone.

Remember, when in doubt, it is best to not open an email. Contact the sender to determine if the email is legitimate.

SOURCE: News release from Indiana Department of Revenue