Simple 5-Point Checklist to Recognize and Fight Phishing Attacks

The IRS offers these five tips on how to spot and avoid a phishing email:

1. It contains a link. Scammers often pose as the IRS, financial institutions, or tax companies or software providers. They may claim you need to update your account or change a password. The email offers links to a spoofing site that may look similar to the legitimate official website. Do not click on the link. If in doubt, go directly to the legitimate website and access your account.
2. It contains an attachment. Scammers often include an attachment to an email. This attachment may be infected with malware that can download malicious software to your computer without your knowledge. If it’s spyware, scammers can track your keystrokes to obtain information about passwords, Social Security numbers or other sensitive data. Do not open attachments from unknown sources.
3. It appears to be from a government agency. Scammers attempt to trick people into opening email links by posing as the IRS and other government agencies. The IRS does not initiate taxpayer communications through email.
4. It’s an “off” email from a friend. Scammers also hack email accounts and try to leverage stolen email addresses. You may receive an email from a “friend” that just doesn’t seem right. It may be missing a subject for the subject line, or contain odd requests or language. If it seems off, avoid opening it and do not click on any links.
5. It has a lookalike URL. A questionable email may try to trick you with the URL. For example, instead of www.irs.gov, it may be a false lookalike such as www.irs.gov.maliciousname.com.

Editor’s note: The Intuit® ProConnect™ Tax Pro Center has several articles on helping you protect identity theft at your firm and as an advocate for your clients. In addition, if you ever feel you’ve received a phishing email that isn’t from Intuit, forward the email to spoof@intuit.com.