HOW TO SPOT A PHISHY EMAIL

Security threats come in various forms and from many different directions. You’ve probably heard of viruses, trojans, keyloggers and ransomware. Want to know what many of these threats have in common? They can all be the result of phishing attacks.

Bad actors use bait – usually in the form of a seemingly legitimate email, file attachment or link — to “phish” for victims. These emails can be incredibly hard to tell as they often mimic legitimate emails that you receive on a regular basis.  Because this bait is usually spread via email, it’s hard for security software to filter out. That’s what makes it so scary.

Even if you have security software, phishing is a serious threat, one that can expose you to ransomware. Here's how to avoid these dangerous emails.

IRS Reports Surge in Email, Phishing and Malware Schemes

The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information in order to steal their identity and assets. Scammers use the regular mail, telephone, fax or email to set up their victims. When identity theft takes place over the web (email), it is called phishing.

The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season.

Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes can ask taxpayers about a wide range of topics. Emails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

Variations of these scams can be seen via text messages, and the communications are being reported in every section of the country. The IRS is aware of email phishing scams that appear to be from the IRS and include a link to a bogus web site intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between “IRS” and “gov”), though notably, not IRS.gov (with a dot). These emails are not from the IRS.

The sites ask for Social Security numbers and other personal information, which could be used to help file false tax returns. The sites also may carry malware, which can infect people’s computers and allow criminals to access your files or track your keystrokes to gain information.

For more details, see:

The IRS does not initiate taxpayer communications through email. Unsolicited email claiming to be from the IRS, or from an IRS-related component such as EFTPS, should be reported to the IRS at phishing@irs.gov.

For more information, visit the IRS’s Report Phishing web page.

Beware – Microsoft Security Email Scam

OK, so you got an email from “Microsoft” and it reads something like Microsoft Security info We’ve discovered series of attempts on your mail account from new IP locations. This is for your own safety to continue using your account, click the button below.

Without spending more than a few seconds you can see this came from a gmail account and also had grammar issues.  These are quick identifiers to show they are not legit.  Microsoft would never send you a message from gmail.  There are also other clues… if you hover over the “Verify My Account” link without clicking it revels a URL to a foreign server not a Microsoft domain.

Although this type of Phishing is nothing new, we have had a surge in inquiries regarding these messages.  Microsoft will not send you any email like this asking you to logon or provide credentials.  You should always type in the URL manually or use a bookmark and never click a link in an email message you are not sure of.

Refer back to our 8 Ways to protect yourself from Viruses and Malware article for additional information on avoiding malware.