Email Security Blog

The IRS’s Extended Tax Deadline Fuels Email Phishing

Uncle Sam has extended the deadline for 2019 tax filing to Wednesday, July 15, 2020, giving filers — and hackers — additional time.

Regardless of your financial situation during the Coronavirus pandemic, a sigh of relief is at hand for tax filers nationwide. But don’t let the new tax deadline catch you off guard. While the additional three months is welcomed amid the stress and economic uncertainties of COVID-19, those extra 90 days are also fueling phishing scams set on stealing refunds, identities, sensitive corporate data, and more.

If you haven’t started preparing your taxes yet, you might be vulnerable for a QuickBooks scam. INKY, the leader in cloud-based email phishing software, caught this recent fraudulent email that supposedly came from Intuit. In this case, the would-be hacker was alerting a QuickBooks customer that their subscription renewal was due and that they were having issues with their form of payment. The phishing email gave several possible reasons for this dilemma and urged the reader to call a toll-free number or click on a link to update their payment method.  108_Blog Pic 1

To the human eye the email seems legitimate enough. However, INKY’s Phish Fence immediately flagged it as a phishing threat. How?  Well, INKY sees things we cannot…down to the very last pixel. 

Unlike other phishing solutions, INKY uses computer vision as part of its brand forgery software. It can detect company logos and determine whether or not the email comes from a legitimate source.  Rather than clicking on a malicious link or opening yourself and your company to a costly data breach, INKY sends you a warning in the form of a banner. As you can see in this example, the email was flagged as malicious and the reader was instructed on how best to react. 

108_Blog Pic 2

This is just one of the many ways hackers are tricking individuals and companies into falling for costly email phishing scams, especially in light of the 2019 extended deadline.  In fact, there are a number of schemes INKY sees surface regularly, ones the IRS warns taxpayers about regularly.

Charitable Giving: Beware of phony charities.  All year long, email phishing schemes arise in which phony charitable organizations are asking for money.  In fact, COVID-19 has brought about a number of new phishing scams in which hackers ask for donations to help those on the front lines fighting the disease.

Economic Impact Payments: The IRS will automatically deposit Economic Impact Payments into the bank accounts of eligible taxpayers using the bank information filed with an earlier return. If you have no bank account on file, a check will be mailed to you. Don’t fall for phishing emails asking for bank information or claiming to be collecting a non-existent fee that comes with the payment.

Verification Credentials: Some cybercriminals send phishing emails that seem to come from the IRS and ask that you verify personal information. The IRS would not ask for these credentials in an email. This is likely the first step in an identity fraud scheme.

Faster Refunds: Another common phishing scam comes in the form of company suggesting they can get a tax refund or Economic Impact Payment faster if they work on your behalf.  By getting the right information out of you, this phishing scam could end in the loss of your refund.

The IRS also shares information on red flags to watch for in a potential tax time email phishing scheme. Of course, years of phishing experience will tell you that the one thing cybercriminals and email hackers count on is human error. The best email security solutions are those that don’t leave the decision-making to humans but rely on computer vision, artificial intelligence, and machine learning. 

INKY is an award-winning, cloud-based email security solution that saves companies millions in revenue that could be otherwise lost to cybercrime. Whether it’s a COVID-19, tax-time, or generic phishing scam, companies are ruined every year for not properly protecting their employees, customers, and data from cybercrime. You don’t have to wait until July 15th to file your taxes and you certainly shouldn’t wait that long to prevent phishing email catastrophes.  Find out what INKY can do for your business today by scheduling a demonstration. 


INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.