Tax season is here again, and with it comes an uptick in scammers using phishing emails designed to steal personal information from their victims in order to commit tax fraud. We encourage you to use extreme caution with any email correspondences requesting personal information. Please refrain from opening any attachments or following any links in emails purporting to be tax-related. If you think you have received a phishing message, please forward the message to firstname.lastname@example.org immediately, and our experts will evaluate its authenticity. We have collected some resources to help provide some guidance for staying safe while filing taxes.
Tax Fraud Resources
You can find additional information about avoiding phishing scams from the Center for Internet Security at the following link.
New Year, New You…Same W-2 Tax Scam
The IRS has produced guidance for avoiding identity theft during tax season on their Identity Theft Central page.
Identity Theft Central | Internal Revenue Service
The IRS posts a list of known tax scams at the following link.
Tax Scams / Consumer Alerts | Internal Revenue Service
Gil the Phish Drops the Bait
Phishing Safety Tips
As always, we encourage you to follow best practices related to email phishing by looking out for the most common warning signs. Below, you will find some good practices for avoiding phishing scams. You can find the list below along with additional information on our phishing page at https://informationsecurity.wustl.edu/topics/phishing/.
- Don’t click.
Instead of clicking on any link in a suspicious email, type in the URL, or do a search on wustl.edu for the relevant department or page. Even though a website and/or URL in an email looks real, criminals can mask its true destination.
- Keep your information private.
Never give out your passwords, credit card information, Social Security number, or other private information through email.
- Know what’s happening.
Visit the Information Security Office Alerts page often and follow us on Twitter to get the latest WashU Information Security Alerts.
- Pick up the phone.
If you have any reason to think that a department or organization really needs to hear from you, call them to verify any request for personal or sensitive information. Emails that say “urgent!”, use pressure tactics or prey on fear are especially suspect. Do an online search for a contact phone number or use the contact number published in the WUSTL directory.
- Use secure websites.
Always check if you are on a secure website before giving out private information. You can determine whether a website is secure by looking for the “https://” rather than just “http://” in the Web address bar or for the small lock icon in the Internet browser.
- Pay attention to security prompts.
If your browser cannot validate the authenticity of the website’s security certificate, you will be prompted. This is frequently a telltale sign of fraud, and it would be a good time to pick up the phone or report a suspicious message.
- Keep track of your data.
Regularly log onto your online accounts and make sure that all your transactions are legitimate.If you are a victim of an email scam, report it to your IT department, the ISO, or HIPAA Privacy Office.
- Review your account statements.
- Reset any account passwords that may have been compromised.