US Tax Season Phishing Scams and Malware Campaigns

ID CISA:21D4E01029A79B06B468DB828575A0EF
Type cisa
Reporter CISA
Modified 2014-02-26T00:00:00


In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that seek to take advantage of the United States tax season. The Internal Revenue Service has issued an advisory on its website warning consumers about potential scams. Tax season phishing campaigns may include, but are not limited to:

  • Information that refers to a tax refund,
  • Warnings about unreported or under-reported income,
  • Offers to assist in filing for a refund, or
  • Links to counterfeit e-file websites.

These messages, which can appear to be from the IRS, may ask users to submit personal information via email, or include links to sites that request personal information or host malicious code.

To protect themselves against these types of phishing scams and malware campaigns, users and administrators are encouraged to take the following measures:

  • Do not follow links in unsolicited email messages.
  • Keep antivirus software up to date.
  • Refer to US-CERT's Security Tips on Recognizing and Avoiding Email Scams and Avoiding Social Engineering and Phishing Attacks for additional techniques and recommendations.
  • Visit the IRS page for instructions on how to report suspected tax season phishing messages.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.