As tax season approaches in the United States and Canada, we often see an increase in tax-related phishing attempts. Cybercriminals target individuals and businesses by spoofing the Internal Revenue Service (IRS) and Canada Revenue Agency (CRA). The IRS and CRA do NOT initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.

Between now and April, you may receive phishing emails asking you to file your tax return or telling you there are issues with your tax return. Malicious links and attachments are often included. Cybercriminals are hoping to gain employee tax information, wage details, Social Security numbers (SSN) and other Personal Identifiable Information (PII).

Be aware of ALL unsolicited emails that request sensitive information. If you receive a request for information, take the time to validate the request by checking the email thoroughly.

Consider the following:

• Where has the email come from – does the “from” address look legitimate or could it have been “spoofed”?
• Does the email have a generic/non-personal greeting?
• Is the sender trying to create a sense of urgency or do they threaten action if you do not comply immediately?
  

Cybercriminals will target anyone during tax season but individuals who work in Finance and HR departments can be a bigger target.

If you receive a suspicious email, use the "Report Spam/Phishing" button to report it.

If possible, please do not use your company devices to complete your tax returns. By doing so, your employer’s IT support staff can get bombarded with unnecessary scanning alerts from the tools that run on your company devices to help keep you or your org’s information protected. This means IT analysts’ attention is moved from serious threats they could be investigating.