Did you know phishing campaigns at Yale with the word “tax” in the subject line have more than doubled since January?
That isn’t a coincidence, it’s strategy.
Bad actors know messages about refunds or urgent tax issues feel believable.
The Information Security Office (ISO) has robust tools to help detect phishing emails. However, some of these messages can still reach our inboxes.
(Learn about how the IRS contacts taxpayers.)
Why This Matters
Interacting with tax scam email messages can unintentionally:
- Expose sensitive university data
- Compromise your personal identity
- Put your tax information at risk
Cybersecurity is not only about protecting systems. It is about protecting you, and your personal information. Especially during tax season.
What to Watch For
AI-Polished “IRS” Emails
Scammers are using AI tools to create professional-looking messages. These emails may reference refunds, missing forms, or account problems.
If a message pressures you to act immediately, that is your signal to pause. Our Recognize, Relax, Rethink model can help you hone your phishing detection skills.
Social Security Scare Tactics
Criminals posing as the Social Security Administration may claim:
- Your Social Security number is tied to criminal activity
- Your benefits are suspended
- You must verify information immediately
Government impersonation scams like these consistently rank among the most reported fraud schemes.
Urgency is their tactic. Slowing down is yours.
Be skeptical and act with caution if you see emails like this.
What You Can Do
If you receive a suspicious, tax-related message:
- Do not click
- Do not reply
- Report suspicious messages in your Yale inbox
Your refund belongs in your account, not in the hands of a scammer.
3 Ways to Sharpen Your Cyber Skills
Want to strengthen your ability to spot scams and suspicious messages?
Take the Bee Cyber Fit “Click with Caution” course
Build practical skills for recognizing phishing and suspicious messages. This short training module focuses on the most common warning signs and simple steps you can take to protect both your personal and Yale accounts.
Register for our upcoming webinar
Beyond the Google Search: Moving from data apathy to digital stewardship
March 26 | 12PM to 1PM (virtual)
Many people believe protecting personal data is futile because so much information is already online. Unfortunately, this mindset is exactly what social engineers rely on. This session explores how to better understand and manage your digital footprint and offers practical ways to protect your information.
We’re here to help. Tell us how you would like to build your cyber skills. We offer simple ways to get involved for yourself, your team, or both.