Phishing season in full swing as tax deadline looms

The IRS says it's seen a "surge" this year in phishing emails, with thieves baiting special hooks for payroll and human-resources workers in hopes of snagging a company's entire stash of employee Social Security numbers and other personal information.

Experts warn that phishing emails often masquerade as legitimate communication from your bank, human resources department or email provider.

[...] in reality, they're part of a scheme designed to steal the confidential information stored in your computer, or to gain access to the network it's attached to.

While people are more aware of the danger of phishing more than ever before, the lures continue to evolve and increase in sophistication, making it tough for the average person to discern which emails are legitimate and which ones aren't.

Phishing peaks during tax season, partially because it's a time of year that many people are accustomed to entering their most personal information — such as their Social Security number or bank account information — on websites, Satnam Narang, senior security-response manager for security software maker Symantec, says.

Thieves also often tie phishing emails to major sporting events, or natural disasters like overseas earthquakes, says Raj Samani, chief technology officer for Europe, the Middle East and Africa at Intel Security.

In an effort to get more people to click on a link before thinking about the possible consequences, many phishing emails will give an impression of scarcity, or include some kind of time limit.

Many overseas hackers are no longer using clunky translation websites, because there are fluent English speakers who specialize in translating phishing emails for a fee, Samani says.