NEW YORK – The IRS says it’s seen a “surge” this year in phishing emails.
Thieves are baiting special hooks for payroll and human-resources workers in hopes of snagging a company’s entire stash of employee Social Security numbers and other personal information.
Meanwhile, tax-season phishing attacks against individuals are also up. Last month, the IRS said it had seen a quadrupling of phishing- and malware-related incidents.
Experts warn that phishing emails often masquerade as legitimate communication from your bank, human resources department or email provider. They’re designed to steal confidential information stored in your computer or gain access to the network it’s attached to. That information can be used to file a false tax return.
Phishing lures continue to increase in sophistication, making it tough to discern which emails are legitimate and which aren’t.
Phishing peaks during tax season when many people enter their most personal information – such as Social Security numbers or bank account information – on websites, says Satnam Narang, senior security-response manager for security software maker Symantec.
Phishing also spikes around Christmas, with attacks in the form of fake delivery notifications. Thieves also often tie phishing emails to major sporting events, or natural disasters like overseas earthquakes, says Raj Samani, chief technology officer for Europe, the Middle East and Africa at Intel Security.
“They’re very much up with the latest news and information,” Samani says. “If they can spend a little more time and get a 0.1 percent increase in click-throughs, then their campaign becomes hugely more profitable and successful.”
Narang likens phishing to a person casually throwing a rod in a lake and waiting for a bite. Phishing emails don’t contain a lot of specifics, but are quick and easy to send out in mass quantities.
“Spear phishing” is much more targeted and personalized. The people behind those attacks spend time researching their targets in order to create highly customized emails that look much more legitimate and are much more likely to be clicked on.
The rise of social media has made this a lot easier – thanks to personal details people share through Facebook, Twitter and other mediums.