Tax Season = Phishing Season

As you prepare your 2017 tax return, you’ll likely use email to send personal information to your accountants or other financial professionals. But as you sort through your inbox, can you tell the difference between a legitimate email and a scam?

With tax season right around the corner, we generally see an increase in reports of phishing—a form of cybercrime designed to trick you into divulging sensitive data. A phishing email usually asks you to click a link that looks innocent but actually delivers malware that breaches your computer’s defenses and steals your information. (The link could also lead you to a form asking you to enter such information.)

Hackers send these emails to unsuspecting recipients in the hopes that they’ll obtain bank account numbers, social security numbers and other information often needed by financial professionals. They then use this information to commit identity theft or steal your money.

The best way to protect yourself from phishing emails is to know how to spot them. Here are some of the red flags:

  • Unauthorized “From” address: Look at the address sending the email, and become familiar with the legitimate addresses for organizations related to filing taxes. For example, the website address for the IRS is and not If the “From” line doesn’t match the correct website, the email is not from the IRS.
  • Link leading to a fake web site: To see where a link will actually take you, hover your cursor over the link to display the URL address. Fraudulent emails generally have long, convoluted addresses embedded in links (and as stated above, it likely won’t match the correct address of the organization).
  • Unsolicited email: The IRS, your bank, the U.S. Postal Service or any legitimate entity will never use email to make initial contact with you about these types of matters.
  • Immediate action required: Fostering a sense of urgency is a hallmark of fraud. A phishing email will want you to take immediate action or to confirm something.
  • Excessive grammar mistakes: We all make occasional typos or misspellings. But an email rife with grammatical errors is almost certainly fraudulent.

If you doubt the validity of any email, do not click on any link within the text or download any file it contains. Instead, contact your IT department or service provider.
