Tax Refund Phish

What happened?

Over the weekend and this morning, FIT (and many of our peer SUNY campuses) received emails from several senders all purporting to represent the IRS, with a subject line of “Recalculating Your Tax Refund Payment.” The emails contained a click button that brings users to a site that looks like an IRS.gov site, but is in fact a look-alike site that intends to steal information and may load malware as well.  

Tax scams are common this time of year: See our 2017 Cybersafe article on the topic. And, this scam capitalizes on confusion whether the recent COVID stimulus bill further requires recipients to re-do their taxes. In addition, cyberattacks against higher-education institutions are on the rise this year due to the increased prevalence of remote learning; phishing is one of the primary means of attack.

We’ve removed the fraudulent emails and blocked the senders. However, since the attacker can simply adopt a new sender name and try again, we wanted to make the community aware.

What can you do to protect yourself?

  • Use extreme caution when receiving emails with attachments and links. These links or attachments can be malware that will infect your computer. What looks like a legitimate hyperlink can be a link to a criminal website. When in doubt, hover your mouse over the text of the hyperlink; you should see the full URL, which will help to show whether it leads to a legitimate website.

  • Exercise caution with all email communications you receive, including those that purport to be from a trusted entity. Inspect the sender’s information to confirm the email was generated from a legitimate source. Read more about the 4 Don’ts.

  • If you are unsure about an email, contact the sender to confirm using a valid method that is known to you. Don’t use a phone number or email supplied in the suspicious email.

  • Lock down your personal information by enabling two-factor authentication on as many of your online financial accounts as possible.

  • Make sure you have a trusted, up-to-date, and active antivirus software installed on your home computer. Learn more here.