Alert: State Revenue Departments Report A Surge In Tax Phishing Scams
Sep 22, 2025
Across the US, state revenue departments, including those in Ohio and Michigan, have begun reporting a surge in tax phishing scams targeting taxpayers via text messages. These fraudulent messages claim the recipient’s tax refund has been approved and instruct them to click on a link to “finalize processing.” The link directs users to a website impersonating the state’s official tax portal, often displaying authentic-looking logos and branding.
What is a phishing scam?
Phishing scams are a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware on their devices.
Essential tips for personal protection:
- Do not click links or respond to suspicious texts: Ignore and delete any unsolicited messages claiming to be from state revenue agencies or the IRS regarding tax refunds.
- Do not share personal or financial information via text: State revenue departments and the IRS do not communicate tax matters or request sensitive information via text.
- Verify website addresses: Always double-check URLs before entering any information to ensure you are using the official state revenue department or IRS website.
Next Steps:
If you believe you have been targeted by a tax phishing scam or have shared information with scammers, you should report the scam to the following authorities:
- Local law enforcement
- Relevant credit reporting agencies (let them know your information has been compromised).
- Your Financial Institution
- State Attorney General
- State Revenue Department Fraud Prevention Unit
If you are unsure about an incoming message, contact your state revenue agency directly through their official channels. For your convenience, the Ohio Department of Taxation has developed an official video detailing how to recognize fraudulent communications: ODT Scam Awareness Video.
Connect With Us.
wvco.com
Categories: IT & Risk Services, Tax Planning
IT Alert: Security Awareness Training
Oct 11, 2022
Phishing attacks are on the rise and becoming increasingly complex! According to the 2022 X-Force Threat Intelligence Index, phishing is the most common way for cybercriminals to penetrate an organization. Once accessible, larger-scale attacks are launched, like ransomware, to paralyze the company by stealing data or inflicting financial loss. Today, phishing accounts for roughly 90% of data breaches and on average costs an organization $5 million!
While these statistics are troublesome, there are proactive measures business owners can take to protect their assets and reputation. The most popular preventative measure is instituting security awareness training – it’s a powerful defense asset with impressive ROI that maximizes your security spending while protecting your bottom line. Security awareness training programs are aimed at educating users (employees) to understand the role they play in helping to combat security breaches. Effective training programs should be ongoing and continuous while providing your users with best practices for good cyber hygiene, outlining the security risks associated with their actions, and ways to identify potential threat characteristics in email and on the web. Some training programs even incorporate simulated phishing campaigns to allow for testing and measuring employee vulnerability.
All in all, security awareness training enables your users to make smarter security decisions in their day-to-day roles, helping you manage the ongoing problem of social engineering and strengthening your human firewall.
There are hundreds of security awareness training programs available, but not all are created equal. When it comes to choosing the right training program for your organization, William Vaughan Company Technologies (WVCT) can help you determine which best suits your business needs. Contact us today to learn more and find out why should you devote a portion of your security budget to security awareness training.
Connect With Us.
Categories: IT & Risk Services