In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two weeks leading up to it, when about 25 percent of people file their taxes. The phishing campaigns we’ve seen aren’t just in the U.S., though; we’ve also recently uncovered similar tactics in Canada, Brazil and India. It’s important for users across the globe to follow best practices and stay vigilant.

With less than a month until the filing deadline in the U.S., we are urging the public to take the following simple steps to avoid tax scams – especially during the last-minute rush to file taxes.

  • Watch for suspicious emails. Be suspicious of all links and attachments, especially when the email seems “off” or unexpected – like an unexpected email from your credit card company, or financial institution. Phish-y emails often include spelling and grammatical errors, or will ask you to send personal information. In these cases, you can apply additional scrutiny on the sender, the content, and any links and attachments. If you know the sender, for example, you can double-check with them before opening or downloading the file.
  • Carefully inspect URLs. Hover over links to verify that the URL goes to the website where it’s supposed to direct you. Is it pointing to the site you expected? URL shorteners provide a lot of convenience, but can make this inspection difficult. If you’re unsure, rather than clicking a link, use search engines like Bing to get to the tax-related website you’re looking for and log in from there.
We recently discovered a phishing campaign targeting Canadian Tax payers where scammers were pretending to help Canadian taxpayers get their refunds, but really aimed to steal banking credentials. We’ve also seen old phishing documents resurface – these claim to be from the Canada Revenue Agency (CRA), inform victims that they have a refund via e-transfer from the CRA, and ask them to divulge their bank details where the funds will be “deposited”. We’ve also seen similar campaigns in Brazil and India.
  • Be wary of any attachments. If you haven’t just made a purchase for tax software, don’t be tricked by getting an email with an invoice from a tax preparation company. Sending fake invoices for services is one of the top methods attackers use to trick people into opening a malicious attachment that could automatically execute malware on your computer. Malicious attachments could also contain links that download and execute malicious programs. We’ve seen PDFs that contain innocuous-looking links that lead to people accidentally downloading malicious software designed to steal credentials, like usernames and passwords.
  • Don’t rely on passwords alone. Scammers take advantage of weak or stolen passwords used across multiple websites, so don’t just rely on your password to keep you safe. When possible, always use multi-factor authentication like the Microsoft Authenticator app for managing your sign-ins for Microsoft accounts and others, and Windows Hello for easy and secure sign-in to your Windows 10 device. These solutions enable biometric authentications like your face or fingerprint to quickly and safely sign in across devices, apps and browsers without you having to remember passwords. Did you know that with a Microsoft Account, you can securely and automatically sign-in to other Microsoft cloud-based applications including Bing, MSN, Cortana, Outlook.com, Xbox Live (PC only), Microsoft Store and Office?
  • Keep software current. Run a modern operating system, like Windows 10 or Windows 10 in S mode, with the latest security and feature updates, in tandem with next-generation anti-malware protection, such as Windows Defender Antivirus.

Microsoft security solutions can proactively inspect links and attachments, as well as block phishing documents and other malicious downloads to help protect users, even if they accidentally click a phishing link or open a malicious attachment. We expect tax scams to be on the rise in the next several months as global tax deadlines approach so our experts will be on the lookout for new campaigns.

Here’s a couple of examples of what we’ve seen just in the last few weeks: two documents named irs_scanned_551712.doc and Tax(IP.PIN).doc. You’ll notice that the security tools built into Microsoft Office caught these and displayed a warning at the top. Before enabling content like these, ensure that the sender is a trusted source, and notice things like missing or misspelled words.

tax-related phishing document with malicious macro code

tax-related phishing document with malicious macro code

Be on the lookout for scams like we’ve described here. There will undoubtedly be more schemes that crop up. Stay vigilant! Learn how to report phishing scam websites through Microsoft Edge or Internet Explorer and suspicious email messages through Outlook.com, Outlook 2016, or Office 365.

Keep these tips and tricks handy, and share with your networks so we can increase awareness of and stop the spread of Tax Day scams! For more information about Microsoft Security, please visit microsoft.com/security.