By Brooke Crothers
Published March 17, 2019
As tax season rolls on, scams are picking up, hurting last-minute filers. And Microsoft is offering advice to help steer clear of them.
In February, there was an average of 300,000 phishing attempts per day across Microsoft's browsers, the company said in an advisory. The company's security experts expect these scams to grow as tax day approaches.
In the two weeks before the April 15 deadline, 20 to 25 percent of Americans file taxes, according to the Internal Revenue Service. And with about a month until the filing deadline, Microsoft is urging Windows 10 users to take the following steps to avoid tax scams.
“Don’t rely on passwords alone. When possible, always use multi-factor authentication,” Holly Stewart, Principal Research Lead for the Windows Defender Antivirus Research team at Microsoft, wrote in the note.
With multi-factor authentication, a user gets access to a feature or device only after providing two or more pieces of identification. So instead of just providing a password, a user is also asked to provide a temporary passcode and/or a biometric ID, like a fingerprint or face scan.
Newer Windows 10 laptops from manufacturers like Hewlett-Packard and Dell now often come with “Windows Hello” face ID or fingerprint ID or both. Microsoft also offers a Microsoft Authenticator app for managing account logins on other devices, including Apple and Google products.
The company also said that users should be suspicious of all links, especially when the email seems “off” or unexpected – like an email from your credit card company, or financial institution.
There are also preventative measures users can take, such as checking directly with the sender before opening or downloading an attachment, Microsoft added.
And tax-related URLs should be scrutinized too. For example, users should hover over links to make sure the URL goes to a legitimate website. If you’re not sure, rather than clicking on the link, bring up the tax site via a search engine and log in from there, Microsoft said.
Attachments are notorious places for malware to get at your personal data. An email with a fake invoice from a tax preparation company is one of the top methods criminals use to trick people into opening a malicious attachment that could, in turn, execute malware on your computer, Microsoft said.
“We’ve seen PDFs that contain innocuous-looking links that lead to users accidentally downloading malicious software designed to steal their credentials,” the company wrote in the advisory.
Lastly, users should keep their software current. If you’re running Windows 10, make sure it has the latest security and feature updates and you have virus protection running, such as Windows Defender Antivirus.