People are getting wise to IRS phishing scams which happen during tax season. So, what do hackers do? Send out the same phishing emails out of season to catch unsuspecting victims off guard.

According to an article on ARS Technica, “Tax return scammers usually strike early in the year, when they can turn the personal information of victims into fraudulent tax refund claims. But members of Akamai’s threat research team found a recent surge in off-season phishing attacks masquerading as notices from the Internal Revenue Service, targeting over 100,000 individuals.”

According to Akamai’s research, “the campaign used at least 289 different domains and 832 URLs over 47 days.” Furthermore, a majority of those domains were active for less than 20 days.

Continuing from Akamai, “the IRS phishing campaign in the wild shows that, while threat actors are still launching campaigns with the goal of capturing sensitive information, the methods and techniques being used are getting more sophisticated by the day. Normally, tax-based phishing campaigns are observed during tax season in the United States, which runs from the end of Q4 until the end of January. However, by leveraging political stress points and uncertainty surrounding changing tax rules, campaigns such as this are now viable year-round.”

Hackers are getting more sophisticated and “seasonal” phishing campaigns now happen all year round.


What to do?

You need protection that works all year round and doesn’t get caught off guard by out-of-season phishing emails. You need Phishing Protection from DuoCircle.

Phishing Protection from DuoCircle, with real-time link click protection, doesn’t fall for out-of-season phishing emails because it doesn’t care when they arrive. It only cares about what’s in the body of the email and where the links in the email point to. And if those links point to a malicious website, it prevents users from going there, no matter when the email arrived.

Phishing Protection from DuoCircle works with all mail providers, sets up in 10 minutes and costs just pennies a month per employee.

You can try and stay vigilant and defend yourself against the constant barrage of phishing emails, or you can sleep easy at night knowing you’re protected by DuoCircle. Try it risk free for 30 days.

Pin It on Pinterest

Share This