RE: Phishing Season
February 2, 2020


Cybercriminals are known to use seasonal behaviors as well as crises to take advantage of human nature. Cybersecurity experts and organizations are asking people to be especially mindful of the following scams during this time of year.

IRS Impostor Scams

IRS Impostor Scams are in full force during tax season. An impostor will claim that you owe taxes and then demand immediate payment — usually in the form of a prepaid debit card or gift card. They can be fairly convincing because your caller ID might show that the IRS is calling, and they are often able to recite the last 4 digits of your Social Security Number.

It is important to understand that the IRS does not send unsolicited emails and will never engage in this behavior.

W-2 Solicitation

Cybercriminals are continuing to trick payroll and finance personnel into disclosing sensitive information such as employee name, SSN, income, tax withholdings, etc. By posing as high level management or executives, and engaging in casual conversation, they lure people into handing over PII for the organization’s entire workforce.

Phishing scams are also targeting W-9 forms since they include similar sensitive information.

Tax Identity Theft

Tax identity theft occurs when cyber thieves use someone else’s personal information to fraudulently file and claim a return. People need to be vigilant in protecting their Social Security Number, passwords, etc. by not giving them out to unverified people or websites.

The Federal Trade Commission (FTC) recently created a Tax Identity Theft Awareness website in an effort to help educate taxpayers. The FTC’s #1 piece of advice is to “Protect your SSN throughout the year. Don’t give it out unless there’s a good reason and you’re sure who you’re giving it to.”

The Coronavirus

Cybercriminals are exploiting concerns over this latest event to try to lure victims into responding. Currently, this scam uses the World Health Organization logo as a lure to add legitimacy.

Fortunately, the current iteration of this phishing scam is unprofessionally formatted, contains several spelling errors, and its destination website it highly suspect, all of which are indicators that should raise several red flags.

Romance Scams

Although this may initially seem unnoteworthy, Valentine’s Day is almost here. Romance scams are so prevalent and profitable that the FBI recently issued a warning along with advice on how to avoid them.

Remember to be mindful when using email and make sure that you recognize phishing attempts when they occur. Do not click links or open attachments unless you can verify the sender is legitimate and know the content is safe.


If you have any questions regarding this advisory, please feel free to email the Office of Information Security.