Barracuda Central is detecting a variety of tax-related phishing emails. These emails are designed to look like official communications from the IRS or similar tax revenue entities outside of the US. Most of the emails we have detected include links in the body of the message. These links are designed to phish for the victim's info or to install malicious content on the victim's computer. All of these emails have the same agenda of tricking people into clicking on the malicious links.
Some of these emails claim to be automated notification messages sent from the IRS. These emails ask the recipient to update a W2 profile with a “new W2 E-Data Form”. Some of these messages are also claiming that if this is not done within 48 hours, a refund will be delayed or not paid.
Other similar IRS phishing emails have an attached HTML form. This form prompts the recipient to input personal information such as: social security number, Date of Birth, home address and Employer info and etc. If this form is submitted, the victim is directed to a different site, and all personal information that was just entered is now stored for a spammer to use.
Another variant has the subject “Pending Tax Refund”. This variant attempts to trick the recipient into clicking on the link that claims there is an outstanding tax refund from an overpayment in a prior year. These messages are coming from an .UK domain, and are posing as official communications from HM Revenue & customs. This is the department of the UK Government that is responsible for the collection of taxes. The government already knows about this issue and has created a site to inform people about this scam: here
The above variant poses as a message from the “Canada Revenue Agency”. The email has a link to a site that asks the victim to transfer money electronically, so that the sender can access the payment card information. The real “Canadian Revenue Agency” is warning people of these phishing scams: Here
Some of the emails include a link asking the recipient to verify a username and password. The message claims that the reader has incorrectly attempted to login too many times. These emails often use the branding of legitimate companies, like “Intuit TurboTax,” in order to build credibility with the reader. If you receive an email like this, you can hover over the links in the body of the message to see the URL associated with the link. In this case, you can see that the link is not related to TurboTax. This particular email is an attempt to steal personal information for fraudulent use.
In conclusion, never open anything that looks even the slightest bit suspicious. The IRS website tells you that they DO NOT initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information (IRS Contact). They also have the 12 most recent scams posted on their website to help inform and protect people from fraudulent activity (Dirty Dozen).