Phishing threats for the tax season

Throughout the year, scam artists pose as legitimate entities—such as the Internal Revenue Service (IRS), other government agencies, and financial institutions—in an attempt to defraud taxpayers. They employ sophisticated phishing campaigns to lure users to malicious sites or entice them to activate malware in infected email attachments. Several Washington state agencies have already seen these types of attacks in 2016.  

The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. If you have any questions, the official website of the IRS is www.irs.gov and is a wealth of information.

Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. In many successful incidents, recipients are fooled into believing the phishing communication is from someone they trust.

Take a look at actual tax phishing emails to see what they may look like

Take action to avoid becoming a victim

If you believe you might have revealed sensitive information about your organization or access credentials, report it to your agency cyber security contact. They can then take any actions they need to including starting the Incident Response Plan and watching for any future suspicious activity.

Watch for any unexplainable charges to your financial accounts. If you believe your accounts may be compromised, contact your agency cyber security contact.

If you believe you might have revealed sensitive account information, immediately change the passwords you might have revealed. If you used the same password for multiple accounts, make sure to change the password for each account and do not use that password in the future.

RESOURCES