Spring Phishing Season is Here – Don’t Get Snagged

April 13, 2022
IT and Security, News and Events
4 min read


It’s spring again. The sun is shining, the flowers are growing, and the world’s digital scam artists are back at doing what they do best.

Every spring, an increase in phishing and online tax-related scams occurs. After all, only three things in life are certain: death, taxes, and online bad actors trying to ruin your life.

Tax season is stressful for most people. As one of the only countries in the world in which individuals have to do their own taxes, it can be easy to get lost in the chaos. Bad actors know this, and they love to try to take advantage of it.

The idea of getting an email from the Internal Revenue Service warning of bad taxes or an issue with your 2021 taxes that you recently submitted is anxiety-inducing.

Or maybe it’s not the IRS you’re getting emails from. It’s PayPal claiming that you have a transfer ready to approve. Or a real-enough looking invoice from a local business. Scammers are getting more convincing.

And what makes this year worse? Global tensions, to start. Cybersecurity experts reported an increase in fraud attempts that exploit the ongoing conflict in Ukraine. As we’ve previously discussed, this situation has increased fears of potential cyberattacks on American companies through ransomware and other malicious software.

But this is related to taxes, as well. As nonprofits continue to fundraise for the Ukraine crisis, and givers look to leverage the tax advantage of donating to nonprofits, scammers will sometimes take advantage of this.

They spoof an email, impersonate a nonprofit soliciting money, and direct you to a fake landing page. You fill out the donation form on a website that looks like it belongs to a reputable nonprofit, and now you’ve just handed the bad guys your information. All because you tried to be a good person.

Sure, some phishing attempts are easy to spot. Typo-laden messages, mentions of foreign bank accounts, correspondence claiming to be coming from the “official account” of a company whose domain is not in the sender’s email (but is instead a free domain such as Gmail or Yahoo) are all signs of a scam.

But what about when the domain appears to match who the sender is claiming to represent? What about when the email claims you’re on the verge of being sued or having your utilities shut off? The stress of such a situation can distract you, causing you to fall for even obvious scams.

Another component often used in phishing is the Reply-To field. This field is also configurable from the sender and can be used in a phishing attack. The Reply-To address tells the client email software where to send a reply, which can be different from the sender’s address. Again, email servers and the SMTP protocol do not validate whether this email is legitimate or forged. It’s up to the user to realize that the reply is going to the wrong recipient.

Here’s an example forged email:


Notice that the email address in the From sender field is supposedly from Bill Gates (b.gates@microsoft.com). There are two sections in these email headers to review. The “Received” section shows that the email was originally handled by the email server email.random-company.nl, which is the first clue that this is a case of email spoofing. But the best field to review is the Received-SPF section. Notice that the section has a “Fail” status.

Sender Policy Framework (SPF) is a security protocol set as a standard in 2014. It works in conjunction with DMARC (Domain-based Message Authentication, Reporting and Conformance) to stop malware and phishing attacks.

SPF can detect spoofed email, and it’s become common with most email services to combat phishing, but it’s the responsibility of the domain holder to use it.

Are you afraid you’ve been a victim of a scam? Assess the damage and learn how to handle the fallout by referencing sources such as the Consumer Finance Protection Bureau and by reporting the fraud to the Federal Trade Commission. To help mitigate your risk if you’re targeted in the future, contact Tigunia today.