The IRS recently released a warning on a phishing attack targeting state accounting and professional associations. Several tax professionals have received emails that attempted to trick them into disclosing their email usernames and passwords.
Always be suspicious of emails that ask you to log into a site with your credentials. If there’s a link in the email, do not click it. As with your bank or financial institution, only navigate to those websites from your browser—not the email—to access your account information or view notifications or alerts.
One way to identify whether an email is suspicious is to hover your cursor over the “From” email address, which will display the actual sender. If you’re using Outlook, you’ll have a contact card you can expand that will show the actual address. Similarly, you can hover the cursor over the link provided in the email and see the actual URL. Hackers often disguise the URL as a bit.ly to mask the actual site where they want you to reveal your credentials.
If you believe you may have already accessed a site like this, and used your corporate email, notify your organization’s IT department immediately. Be sure to also navigate to the legitimate website and change your password as quickly as possible.
Contact Rex or your trusted BKD advisor if you have any questions.