Yes, you’re right: there is no “opening” to “phishing season” as it’s an ongoing activity. But there are events that provide Bad Actors with extra assistance in crafting approaches to separate users from their login credentials.

And one of those events is tax season.

Don’t Fear the IRS

We know that Bad Actors will use fear (and greed, and other emotions) to convince users to take action on a phishing email. And taxes are an emotional subject for just about everyone. So it’s not surprising, as this Dark Reading article  describes, that scammers load phishing malware into documents designed to look like tax-related documents.

(Side note: I’m puzzled why Office 365 users would be hacked in this manner. I would think that the antivirus engines would have caught these files before they were delivered to users. But the article above doesn’t address that point.)

So it may be wise to send out a reminder to users, asking them to be wary of emails that claim to be from the Internal Revenue Service. And they should be cautious about messages that contain IRS-related documents or links.

Some Other Tips to Avoid Phishing Attacks

• Look at the sender’s email address. This is the part containing the @ symbol. The Display Name will be something reasonable like “IRS Collections.” But the actual address will often not match with the organization that would have sent the message.  For instance, a message from the IRS shouldn’t have an email address like samu@cgncc.ruv.ru
• Remember that if the IRS wants to talk to you, they’ll send a certified letter.
• If it looks like HR is sending out a W-2 or similar attachment in an email, check with them first. See if it’s really them doing this. These forms are normally mailed to your home address, so receiving them via email would be unusual.
• We often see messages that come from an old contact, but contain little text. The message body might say “hey there.” and then include a link or attachment. You should be suspicious of messages you receive like this. Especially if they come from people you’ve been out of touch with for some time.
• Think twice before you click on that link. Hover over it with your mouse to see what the actual link address is and decide if it’s legitimate.

Bonus Tip for Office 365 Customers

Get Enterprise Mobility and Security (EMS in Microsoft-speak) implemented, now. The Advanced Threat Protection feature of EMS will “sandbox” any links in an email and intervene if the user attempts to click on a suspicious link. It will also test attachments for malware in a safe environment, and only deliver them if they pass the test.

Remember: for Bad Actors, any day is a good day to collect user credentials. Keep your users informed and aware, so they can stay safe.