As taxpayers eagerly await their economic stimulus rebate checks from the IRS, phishers are using the opportunity to defraud consumers. The checks are supposed to start mailing in May, but phishers are using the promise of getting the money sooner, through direct deposit to a bank account, as bait to steal consumers’ identities.
An email, purportedly from the IRS, tells consumers to go to a linked Web site and provide bank account and routing numbers in order to receive their rebates sooner through direct deposit. The email even includes a deadline to increase the sense of urgency. Needless to say, the email is fake and is an attempt by phishers to fool unknowing consumers into giving up their bank account information.
In the continued battle against phishers and their criminal practices, Iconix offers its 10 Tips to Avoid Phishing Attacks:
1. Automatically block malicious/fraudulent email using spam detectors and filters, but remember they are not foolproof.
2. Download free email identity and web reputation tools, such as Iconix eMail ID, Trend Micro’s TrendProtect and McAfee SiteAdvisor. These tools will help you to easily recognize legitimate emails and potentially dangerous Web sites.
3. Ensure that your browser is up to date and security patches applied.
4. Be very cautious opening an email if you do not recognize the sender.
5. Be suspicious of any request for personal information or password changes, even if they appear to be from a legitimate source. Most organizations, including the IRS, will never ask you for personal information via email.
6. Do not use a company link from a financial institution or a retailer included in an email. Use your browser to go the main site and log in. 7. Do not open email attachments unless you know what they are. This is a common way that phishers plant malware on your computer.
8. Use common sense – if an offer seems too good to be true or an email seems suspicious, delete it immediately.
9. Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser.
10. Regularly monitor all online accounts for any suspicious activity.