The opportunity for cybercriminals to make massive profits by filing fake tax returns is significant, often leading to refunds of thousands of dollars being processed by the U.S. Internal Revenue Service (IRS). Every year, tax workers are sent a range of IRS phishing messages that seek to steal sensitive data that can be leveraged by the cybercriminals to illegally obtain identities and submit fraudulent tax returns using their victims' details.

In 2021, many tax season phishing scams have been uncovered, including emails with subject lines such as “Tax Refund Payment” and “Recalculation of your tax refund payment” that try to trick recipients into opening them. The emails feature the authentic IRS logo and tell recipients that they qualify for an additional tax refund, but that in order to receive the payment they must click a link and fill out a form. The form in question looks like a real IRS.gov form, with the page an exact replica of the IRS website, although the website on which the form is displayed is not an official IRS portal.

The form asks for a wide range of private personal information to be supplied so that the refund can be processed. It requests the individual’s identity, birth data, Social Security information, driver’s license number, current address, and electronic filing PIN. For extra realism, the phishing portal also shows a popup notification saying, “This US Government System is for Authorized Use Only”, which is the same warning message that is displayed on the genuine IRS website.

The cybercriminals appear to be focusing on universities and other educational bodies, both public and private, for-profit and nonprofit, with many of the reports of phishing emails coming from staff and students with .edu email addresses.

Educational institutions should take measures to reduce the chance of their staff and students being tricked by these scams. Alerting all .edu account holders to the campaign is crucial, particularly as these messages are getting around Office 365 anti-phishing measures and are landing in inboxes.
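The indicators described above (the two subject lines, IRS branding paired with a link to a site that is not an official IRS portal, and .edu recipients) can be turned into a simple mail triage check. The following is an added example, not code from the original article or from any vendor; the function names, the treatment of irs.gov and its subdomains as the official portal, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Subject lines reported for the 2021 campaign (taken from the article).
CAMPAIGN_SUBJECTS = ("tax refund payment", "recalculation of your tax refund payment")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
IRS_RE = re.compile(r"\birs\b|internal revenue service", re.IGNORECASE)

def is_official_irs_host(url):
    """True only when the URL's real hostname is irs.gov or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == "irs.gov" or host.endswith(".irs.gov")

def triage(raw_message):
    """Return the reasons a raw message matches the campaign; empty list means no match."""
    msg = message_from_string(raw_message, policy=default)
    reasons = []
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if any(s in subject for s in CAMPAIGN_SUBJECTS):
        reasons.append("campaign subject line")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if IRS_RE.search(text):  # IRS-themed content: every link must resolve to irs.gov
        for url in URL_RE.findall(text):
            if not is_official_irs_host(url):
                reasons.append("IRS-themed link to non-IRS host: " + (urlsplit(url).hostname or "?"))
    if reasons and re.search(r"\.edu\b", str(msg.get("To", "")).lower()):
        reasons.append(".edu recipient")
    return reasons

# Constructed sample messages (not real campaign traffic).
PHISH = (
    "From: IRS Refunds <refunds@mailer.example>\n"
    "To: student@campus.example.edu\n"
    "Subject: Recalculation of your tax refund payment\n"
    "Content-Type: text/html\n\n"
    "<p>The IRS has recalculated your refund. "
    '<a href="https://www.irs.gov.refund-claims.example/form">Claim it</a></p>\n'
)
LEGIT = (
    "From: Payroll <payroll@campus.example.edu>\n"
    "To: staff@campus.example.edu\n"
    "Subject: W-2 forms are available\n\n"
    "Check your IRS refund status at https://www.irs.gov/refunds\n"
)

if __name__ == "__main__":
    print(triage(PHISH), triage(LEGIT))
```

The hostname comparison is done on the parsed URL rather than by substring match, so hosts that merely contain "irs.gov" as a prefix or in the userinfo part are still flagged.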

Any educational entity that depends on Microsoft Exchange Online Protection (EOP) for blocking spam and phishing emails – EOP is the default protection provided free with Office 365 licenses – should strongly consider enhancing its anti-phishing security with a third-party spam filter.

SpamTitan has been created to supply better protection for Office 365 environments. The solution is used alongside Office 365 and integrates easily with Office 365 email while greatly improving spam and phishing email security; dual antivirus engines and sandboxing provide excellent security from malware.

To find out more about SpamTitan anti-phishing security for higher education institutions call Spam. You can avail of a free trial to allow you to assess the solution prior to deciding to buy it.