Beware of email attacks
Reports of phishing attacks have increased dramatically across the U.S. in the past few years, with some resulting in criminal access to personal payroll and tax information. The IRS has recognized this problem and has published Security Awareness Tax Tips. The IRS does not initiate contact with taxpayers by email, text, or social media.
Many of the messages will have an urgent tone in the subject line and contents. Examples of subject lines that have been received:
- I sent you Important Tax Documents
- Final reminder: Tax Refund Notification
- Your 2013 - IRS Tax Refund Payment
- Your IRS tax bank transfer is not approved.
- Income Tax Refund REJECTED
Phishing is when criminals send specially crafted emails that appear legitimate to get users to give up their usernames, passwords, or other personal information. Their goal is to gain access to your accounts, often to send spam from compromised email accounts, and to acquire access to bank accounts or information useful for identity theft. There are some criminals who use information to commit tax refund fraud – stealing tax refunds by filing fraudulent taxes of victims. Additionally, attachments or links may lead to malicious software that could be planted to steal passwords or hold your data hostage by encrypting it.
While UT Arlington and the UT System administration continue to make every effort to ensure their applications and data are as secure as possible (including the recently implemented two factor authentication), individuals who reveal their private information are still at risk of falling victim to identity theft.
UT Arlington and legitimate organizations will never ask you to send your password in an email.
Visit UT Arlington’s anti-phishing website for guidance on how to recognize a phishing message and what to do if you’ve received a suspicious message or fallen victim to one.
Follow these tips for information security:
- Never click on links sent to you by individuals you’re not familiar with.
- Never open any attachments you’re not expecting. Instead, contact the sender, preferably by phone, to determine the legitimacy of the message.
- Never divulge your password to anyone, and pay close attention to the web address of any website requesting you to log in.
- Do not reply to emails asking you to send personal information.
- Do not respond to emails threatening to close your account if you do not provide personal information.
- Do not provide personal or financial information to any one calling you – always offer to call the published number of the organization to resolve any matter.
- Keep your computer’s operating system up-to-date by applying recommended updates.
- Keep your antivirus software up-to-date and run the scans frequently.
- Don’t use the same password for all of your online accounts (e.g. Facebook, Twitter, LinkedIn, Apple, Amazon, bank, UT Direct, etc.) in particular those providing access to funds or confidential information.
- Contact the OIT Helpdesk at 2-2208 if you are unsure about an email asking for personal information related to any UT Arlington resource.
- Send a copy of the message to the Information Security Office at email@example.com.