“Phishing” is done differently in the winter. Phishing is how online scammers bait you to give them private information. Starting about now and into the new year, the bait is often your taxes. Attackers know that banks and other financial services firms are sending out a mountain of end-of-the-year tax documents. And this gives scammers a legitimate reason to contact you.
We advise all our clients — and employees — to keep an eye out for phishing emails requesting or providing W-2 or K-9 forms, claiming to be from accountants, the IRS or even online tax prep services such as TurboTax.
Be sure to be extra cautious if an email does the following:
- Asks for private information, such as your Social Security number or date of birth.
— The IRS or any other legitimate financial institution would never do this.
- Has a sense of urgency.
— This is to catch you off guard so you click on a malicious attachment or provide key info.
- Contains links or attachments.
— Be very, very suspicious of links and attachments, even from seemingly familiar sources. Hover over the link to see the address of sender. Is there something fishy about it? If an attachment, peruse the entire email very carefully before downloading. Once you download an attachment or click on a link, you are vulnerable to all sorts of trouble — viruses, blackmail, hacking.
Also, remember that just because an email is personalized or from a friend, it doesn’t mean it is legit! These days, it’s far too easy for attackers to dig up personal information that make their emails more convincing. And if they have hacked the email of someone you know, they are contacting you through that email.
What should you do with a suspicious email? Delete it. To make sure it was not a legitimate email, you can call the bank, the IRS or whatever institution is presented to confirm.
Take our word for it, though: legitimate financial institutions do not email or call asking for your personal information.