Teach a Man to Phish: Six Common Elements of a Phishing Scam and How to Spot Them

Sensationalist headlines about cybersecurity incidents have become the norm. Sadly, so too have clever email phishing scams. A recent notice issued by the Internal Revenue Service warns taxpayers of yet another email phishing scam.

The Technology Consulting Services department at Schneider Downs describes phishing as “one of the most common social engineering methods that hackers utilize to deliver malware, compromise credentials, steal sensitive data and carry out a variety of other threats. Through phishing, attackers send email messages that appear to be legitimate, and will play on human emotions in order to force a user error.”

As discussed in IRS notice IR-2019-145, the latest scam is an email prompting the taxpayer to follow a link to get information about their electronic tax return or tax account. When the link is clicked, a malicious file is downloaded to their computer. Such files typically carry malware such as a keylogger, which records every keystroke and can eventually hand the attacker passwords and other sensitive financial information.

Some phishing campaigns are extortion attempts: the scammer claims to hold evidence of the recipient's embarrassing or criminal behavior and threatens to release it unless the victim pays.

Phishing scams are not only common, they are becoming increasingly sophisticated, and it is difficult for the untrained eye to distinguish a real email from a fraudulent one. The Schneider Downs Cyber Security Team points to several common elements that make a phishing email easier to identify:

  1. Too good to be true - The email usually includes some kind of draw that grabs your attention. In the case of the latest scam, the draw is information about your electronic tax return or tax account.
  2. Sense of urgency - There is usually an expiration date on that draw, or a warning that you will be locked out of an online account if the matter is not addressed within a certain period of time. The deadline exists to make you act before you think.
  3. Bogus hyperlinks - The visible text of a link can look like a legitimate website while the actual destination differs by only a letter, an extra word or a different ending, leading you to a fake website or to the download of a malicious file. Hover over a link to see its real destination before you click.
  4. Phishy "From" addresses - The sender's display name and address can be spoofed in the same way as a bogus hyperlink. A phishing email can appear to come from someone you know, such as a colleague or a superior, so hover over the sender's name to reveal the underlying address and check for errors or variations in spelling or formatting. Consider the tone of the email as well: if it appears to come from a sender you know, are the pattern of language and the email signature consistent with previous correspondence? If anything seems out of the ordinary, do not click its links or open its attachments; confirm with the sender through a channel you already trust.
  5. Attachments - Any attachment warrants additional scrutiny, and it is prudent never to open unsolicited attachments. "Password-protected" documents have become an increasingly popular lure for harvesting credentials: the attachment (often an HTML file or a PDF containing a link) displays a prompt asking for your email username and password to "unlock" the document, and whatever you type is collected and reused against your other accounts. A genuine password-protected PDF asks only for the document password, never for an account username. If you do exchange password-protected PDFs regularly, the Schneider Downs Cyber Security Team reminds you not to send the password in the same email message as the document.
  6. Unusual requests - Many phishing schemes ask the reader to send gift cards, cashier's checks, money orders and the like, or to change payment details. A request for payment through an unusual channel should be treated as a red flag that the request is not legitimate.
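The six elements above can be checked mechanically as a first pass before a human looks at a suspicious message. The script below is an added example and is not code from the Schneider Downs article; it parses a constructed sample message (the sender addresses, domains, attachment name and body text are all made up for illustration) and reports which of the six red flags it finds. The `CLAIMED_BRANDS` table, which maps a name a sender might claim in the display name to the only domain allowed to claim it, and the keyword lists for urgency and money requests are assumptions chosen for the example, not an authoritative rule set.

```python
"""Heuristic phishing triage: apply the six red flags to a raw RFC 822 message."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: display-name claims and the one domain entitled to make them.
CLAIMED_BRANDS = {"irs": "irs.gov", "internal revenue service": "irs.gov"}
URGENCY = re.compile(r"\b(within \d+ (?:hours?|days?)|immediately|urgent|expires?|suspended|locked)\b", re.I)
MONEY_REQUEST = re.compile(r"\b(gift cards?|wire transfer|money orders?|cashier'?s check)\b", re.I)
RISKY_ATTACHMENT = re.compile(r"\.(exe|scr|js|vbs|hta|html?|iso|zip|rar|docm|xlsm)$", re.I)
URL_LIKE = re.compile(r"^(https?://|www\.)\S+$", re.I)

# Constructed sample messages (not real senders, domains or content).
SAMPLE_EML = """\
From: "Internal Revenue Service" <refunds@irs-notice-center.com>
Reply-To: helpdesk@mail-irs-support.net
To: taxpayer@example.com
Subject: Electronic Tax Return Reminder - action required within 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Information about your electronic tax return is ready.</p>
<p><a href="http://irs.gov-refund-center.com/login">https://www.irs.gov/refunds</a></p>
<p>A $25 processing fee is payable by gift card.</p>
</body></html>
--b1
Content-Type: text/html; name="Secure_Tax_Return.html"
Content-Disposition: attachment; filename="Secure_Tax_Return.html"

<html><body><form>Enter your email username and password to open the document.</form></body></html>
--b1--
"""
CLEAN_EML = """\
From: Payroll Team <payroll@example.com>
To: taxpayer@example.com
Subject: March pay statement posted
Content-Type: text/plain; charset="utf-8"

Your March pay statement is now in the employee portal.
"""


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs so link text can be compared with the real target."""
    def __init__(self):
        super().__init__()
        self.pairs, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href", ""), ""]
    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.pairs.append((self._cur[0], self._cur[1].strip()))
            self._cur = None


def host_of(url):
    url = url if "://" in url else "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_under(host, domain):
    return host == domain or host.endswith("." + domain)


def lookalike(host):
    """A host that embeds a trusted domain's name without actually being under it."""
    return any(d in host and not is_under(host, d) for d in set(CLAIMED_BRANDS.values())) if host else False


def triage(raw):
    """Return a list of (flag, detail) findings for one raw email; [] means nothing suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg["From"] or ""))
    sender_host = addr.rpartition("@")[2].lower()
    for brand, domain in CLAIMED_BRANDS.items():          # element 4: display name vs. real domain
        if re.search(r"\b" + re.escape(brand) + r"\b", name, re.I) and not is_under(sender_host, domain):
            findings.append(("phishy-from", f"'{name}' sent from {sender_host}, not {domain}"))
    reply_to = parseaddr(str(msg["Reply-To"] or ""))[1]
    if reply_to and reply_to.lower() != addr.lower():
        findings.append(("phishy-from", f"Reply-To {reply_to} differs from From {addr}"))
    if lookalike(sender_host):
        findings.append(("lookalike-domain", sender_host))

    text = str(msg["Subject"] or "")
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":  # element 5
            fname = part.get_filename() or ""
            findings.append(("risky-attachment" if RISKY_ATTACHMENT.search(fname) else "attachment", fname))
        elif part.get_content_type() == "text/html":
            html = part.get_content()
            text += " " + re.sub(r"<[^>]+>", " ", html)
            p = _Anchors()
            p.feed(html)
            for href, shown in p.pairs:                     # element 3: shown URL vs. real href
                h = host_of(href)
                if URL_LIKE.match(shown) and host_of(shown) != h:
                    findings.append(("bogus-link", f"text shows {host_of(shown)} but href goes to {h}"))
                if lookalike(h):
                    findings.append(("lookalike-domain", h))
        elif part.get_content_type() == "text/plain":
            text += " " + part.get_content()
    if URGENCY.search(text):                                  # element 2
        findings.append(("urgency", URGENCY.search(text).group(0)))
    if MONEY_REQUEST.search(text):                            # element 6
        findings.append(("unusual-request", MONEY_REQUEST.search(text).group(0)))
    return findings


if __name__ == "__main__":
    for flag, detail in triage(SAMPLE_EML):
        print(f"{flag:18} {detail}")
    print("clean message findings:", triage(CLEAN_EML))
```

Element 1, the too-good-to-be-true draw, is deliberately left to the reader: a refund or account notice is only a lure in context, and a keyword match on "refund" would flag every legitimate notice as well. The script is a triage aid, not a verdict; its value is that it surfaces the same things a careful reader would check by hovering and reading headers, on every message, before anyone clicks.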

When it comes to data security it is better to be proactive than reactive. The first step to being proactive against cybercrime is to educate yourself, your friends, and your family about the potential threats and how to better identify them.

It is important to remember that the IRS does not initiate contact with taxpayers by email, text message or social media to request personal or financial information, nor does it demand immediate payment. If the IRS needs to contact you about your personal or business tax matters, it will initiate correspondence through the postal service. If you suspect that you have been a victim of tax-related fraud, or that your friends or coworkers could be vulnerable, we encourage you to reach out to Schneider Downs to see how we can help you address your risks.


Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
