Top 10 Tips: Stay Safe From Phishing on Tax Day

Blog Post created by ckirsch on Apr 15, 2013

More people than ever are filing their taxes online rather than through an agent. The IRS now offers email confirmation of submissions and alerts. Hackers are gearing up to capitalize on this through malicious phishing schemes aimed at the consumer. Be on the lookout for an increase in tax-related phishing schemes, and give your users concrete ways to avoid these attacks. And remember: this matters not only for individuals protecting themselves, but also for the organizations that employ them, if they check on their tax filing from work.


Our Top 10 Tips for Tax Day


  1. Don’t trust links in an email – always enter the web address yourself or pick the website from your bookmarks.
  2. Don’t open unexpected attachments or instant message download links.  Be suspicious if an email says “do X or something bad will happen,” e.g. “you owe $23,829 in back taxes; you can object to this assessment by using the attached form.”
  3. Be suspicious of any email with urgent requests for personal financial information. Never give out personal information upon email request.
  4. If the email sounds too good to be true, it probably is!
  5. Look carefully at the web address; it could be a close approximation of the real URL.
  6. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser; look for the https:// and/or the security lock icon.
  7. Regularly log into your online accounts and check your bank, credit and debit card statements to ensure that all transactions are legitimate.
  8. Enable two-factor authentication whenever possible. This combines something the user knows (such as a password or PIN) with something the user has (such as a smart card or token) or even something the user is (such as a biometric characteristic like a fingerprint).
  9. Keep your operating system and browser up to date, and make sure security patches are applied.
  10. Use a reputable anti-virus program.
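
For anyone who wants to automate tips 5 and 6, here is an added example (not part of the original post, and not Metasploit code) that pulls the links out of a message body and flags hosts that only approximate the expected one, or that are reached without https. It assumes the expected domain is `irs.gov`; the sample message and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "irs.gov"  # assumption: the only domain tax mail should link to

# Constructed sample message body, not a real phishing email
SAMPLE = """Check your refund: https://www.irs.gov/refunds
Pay here: http://www.irs.gov/payments
Urgent, you owe back taxes: https://www.lrs.gov/refund
Object to this assessment: https://irs.gov.refund-status.example/login
Unsubscribe: https://example.org/newsletter
"""

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return 'ok', 'insecure', 'lookalike' or 'other' for one link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Exact domain or a true subdomain of it: only the scheme is left to check (tip 6)
    if host == trusted or host.endswith("." + trusted):
        return "ok" if parts.scheme == "https" else "insecure"
    # Last two labels within two edits of the trusted domain (tip 5)
    tail = ".".join(host.split(".")[-2:])
    if edit_distance(tail, trusted) <= 2:
        return "lookalike"
    # Trusted name buried in an unrelated host or in the user-info part
    netloc = parts.netloc.lower()
    if trusted in netloc or trusted.replace(".", "-") in netloc:
        return "lookalike"
    return "other"

def scan(body):
    """Map every http(s) link found in the body to its classification."""
    return {u: classify(u) for u in re.findall(r"https?://[^\s\"'<>)]+", body)}

if __name__ == "__main__":
    for url, verdict in scan(SAMPLE).items():
        print(f"{verdict:10} {url}")
```

A link classified as "other" is simply unrelated to the expected domain, so tip 1 still applies to it.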


Metasploit Pro enables you to send simulated phishing emails to measure your exposure and improve your users' security awareness. To test your organization's security awareness on phishing emails, download a trial of Metasploit Pro today.