In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two weeks leading up to it, when about 25 percent of people file their taxes. The phishing campaigns we’ve seen aren’t just in the U.S., though; we’ve also recently uncovered similar tactics in Canada, Brazil and India. It’s important for users across the globe to follow best practices and stay vigilant.
With less than a month until the filing deadline in the U.S., we are urging the public to take the following simple steps to avoid tax scams – especially during the last-minute rush to file taxes.
Carefully inspect URLs. Hover over links to verify that the URL goes to the website where it’s supposed to direct you. Is it pointing to the site you expected? URL shorteners provide a lot of convenience, but can make this inspection difficult. If you’re unsure, rather than clicking a link, use search engines like Bing to get to the tax-related website you’re looking for and log in from there. We recently discovered a phishing campaign targeting Canadian Tax payers where scammers were pretending to help Canadian taxpayers get their refunds, but really aimed to steal banking credentials. We’ve also seen old phishing documents resurface – these claim to be from the Canada Revenue Agency (CRA), inform victims that they have a refund via e-transfer from the CRA, and ask them to divulge their bank details where the funds will be “deposited”. We’ve also seen similar campaigns in Brazil and India.
Be wary of any attachments. If you haven’t just made a purchase for tax software, don’t be tricked by getting an email with an invoice from a tax preparation company. Sending fake invoices for services is one of the top methods attackers use to trick people into opening a malicious attachment that could automatically execute malware on your computer. Malicious attachments could also contain links that download and execute malicious programs. We’ve seen PDFs that contain innocuous-looking links that lead to people accidentally downloading malicious software designed to steal credentials, like usernames and passwords.
Microsoft security solutions can proactively inspect links and attachments, as well as block phishing documents and other malicious downloads to help protect users, even if they accidentally click a phishing link or open a malicious attachment. We expect tax scams to be on the rise in the next several months as global tax deadlines approach so our experts will be on the lookout for new campaigns.
Here’s a couple of examples of what we’ve seen just in the last few weeks: two documents named irs_scanned_551712.doc and Tax(IP.PIN).doc. You’ll notice that the security tools built into Microsoft Office caught these and displayed a warning at the top. Before enabling content like these, ensure that the sender is a trusted source, and notice things like missing or misspelled words.
Be on the lookout for scams like we’ve described here. There will undoubtedly be more schemes that crop up. Stay vigilant! Learn how to report phishing scam websites through Microsoft Edge or Internet Explorer and suspicious email messages through Outlook.com, Outlook 2016, or Office 365.
Keep these tips and tricks handy, and share with your networks so we can increase awareness of and stop the spread of Tax Day scams! For more information about Microsoft Security, please visit microsoft.com/security.
The post Steer clear of tax scams appeared first on [Microsoft Security.