Email phishing scams and attempts to steal your information are on the rise as the April 15 tax filing deadline nears, so how can you avoid falling victim to one of these schemes? Phishing attempts have become much more sophisticated in recent years, so it’s even more important to be vigilant in order to protect your personal financial information. In the month of February, Microsoft security experts saw an average of 300,000 phishing encounter attempts across its browser platforms — every single day. These attempted scams will only increase as tax day approaches.
Here are a few simple tips to avoid falling prey to phishing scams.
1. Watch for suspicious emails. Be suspicious of any unexpected emails, and avoid clicking on links or attachments, especially when the email seems “off” to you, or unexpected, like an email from a tax preparation service, your credit card company or a financial institution. Although the email may appear to be genuine on the surface, if it is not part of your regular interactions with the company, it’s worth further scrutiny. You’re always safer using the direct URL of the company and accessing your account from there to process any transactions or to check your account, not by accessing from a link inside an email. Also, any emails claiming to be from the I.R.S. are most likely bogus, as the Internal Revenue Service does not initiate interactions via email, phone, social media or text, and uses the U.S. Postal Service for nearly all communications with taxpayers.
2. Carefully inspect URLs. You can simply hover over links within the suspicious email with your cursor (without clicking it) to view the URL. See if it actually goes to the website where it claims to direct you. URL shorteners provide convenience, but they can sometimes make the inspection difficult. When in doubt, use your search engine to find the correct company URL and go from there. You can also hover over the email sender’s email address to see if it matches the sender you’re expecting.
3. Be wary of all attachments. If you haven’t just made a purchase for tax processing software or used a tax preparation service, don’t be fooled by getting an email containing an invoice from a tax preparation service or software company. Sending fake invoices for services or products is one of the top methods that attackers use to trick people into opening a malicious attachment that could automatically execute malware on your computer. Malicious attachments could also contain links that download and execute malicious programs if you click on them. PDF attachments that contain innocuous-looking links can lead to users accidentally downloading malicious software designed to steal their credentials.
4. Don’t rely on passwords alone. Whenever possible, opt to use multi-factor authentication like the Microsoft Authenticator app for managing your "manage service account" logins and Windows Hello for easy and secure sign-in to your Windows 10 device. They enable biometric authentications such as your face or your fingerprint to quickly and safely log in across devices, apps and browsers without you having to remember passwords. With a Microsoft account, you can also securely and automatically sign in to other cloud-based applications including Bing, MSN, Cortana, Outlook.com and Xbox Live (PC only).
5. Keep your software current. Run a modern, up-to-date operating system, such as Windows 10, and make sure to stay current with the latest security and feature updates, in conjunction with using built-in anti-virus protection like Windows Defender Antivirus.
Don't fall victim to sophisticated phishing attempts via email. Protect your personal information by informing yourself about the latest scams. With just a little extra care and vigilance, you should be able to steer clear of “phishy” emails and other scamming attempts this tax season.