How You Can Protect Yourself from Fraudulent E-mails (Phishing)

H&R Block wants you to be informed about potentially fraudulent e-mails and to give you information that helps you protect yourself from this type of activity.

About "Phishing"

"Phishing" is a term used to describe an attempt by someone to obtain your personal or financial information by deception or fraud. Phishing most commonly occurs through spam e-mails or pop-up messages. Someone may send a message pretending to be from H&R Block to hundreds of thousands of people. The sender may only expect one or two people to actually respond to the e-mail or pop-up. The e-mail or pop-up could even contain H&R Block logos and might even resemble an actual H&R Block e-mail. As part of a phishing attempt, there is usually a Web site created that attempts to mimic a real H&R Block Web site. The goal of a phishing attempt is to trick you into clicking on a link in the e-mail or pop-up, visiting a fake Web site, and providing your username, password, or other personal or financial information. Once the person collects your username or password, they could then access your H&R Block user account or use your information for other improper purposes such as identity theft.

We have provided the following guidance to help you distinguish between phishing attempts and legitimate H&R Block e-mail communications.

  • We will not send e-mails to you urgently requesting information of any kind.
  • We strongly suggest that you do not share your username, password or account information with anyone.
  • All of our Internet sites in which you are asked to enter personal or financial information are protected via HTTPS. Verify that the "padlock" icon on your browser is present when entering information of this nature.
  • Use common sense. If the timing or content of an e-mail seems odd, be suspicious.

Frequently Asked Questions:

How can I detect a fraudulent e-mail?

It's often hard to detect a fraudulent e-mail. That's because the e-mail address of the sender often seems genuine (for example, support@hrblock.com), as do the design and graphics. There are, however, telltale signs.

Fraudulent e-mail often tries to create a false sense of urgency. Some will suggest you must provide personal information immediately to protect your account or to avoid having your tax return rejected.

How can I be sure that I am receiving a legitimate H&R Block e-mail?

You know you're dealing with H&R Block because:

  • If you used the H&R Block Online Tax Program to complete your 2003 taxes, our e-mails will always include the username you created.
  • If we request information, we always direct you back to hrblock.com or taxcut.com.

If you have any doubt, don't click on a link in an e-mail. Instead, type the URL (e.g., www.hrblock.com or www.taxcut.com) directly into your Internet browser navigation bar.

How can I help protect myself?

We want your online experience to be enjoyable and worry-free. H&R Block uses high levels of encryption and other security procedures. We also want to make you aware of several simple security tips to keep in mind:

  • Use a strong password. Choose passwords that are difficult for others to guess, and use a different password for each of your online accounts. Use both letters and numbers and a combination of lower case and capital letters if the passwords or PINs are case sensitive.
  • Leave suspicious sites. If you suspect that a Web site is not what it purports to be, leave the site immediately. Do not follow any of the instructions it presents.
  • Be alert for scam e-mails. These may appear to come from a trusted business or friend, but actually are designed to trick you into downloading a virus or jumping to a fraudulent Web site and disclosing sensitive information.
  • Don't reply to any e-mail that requests your personal information. Be very suspicious of any e-mail from a business or person that asks for your password, Social Security number, date of birth or other highly sensitive information, or one that sends you personal information and asks you to update or confirm it.
  • Open e-mails only when you know the sender. Be especially careful about opening an e-mail with an attachment. Even a friend may accidentally send an e-mail with a virus.
  • Be careful before clicking on a link contained in an e-mail or other message. The link may not be trustworthy. If you are in doubt about a link, type the URL (from the table above) into your browser's address bar to ensure that you are going to a genuine H&R Block Web site.
  • Do not send sensitive personal or financial information unless it is through a trusted Web site that uses encryption. You will know if a Web site uses encryption if your Web browser displays a closed padlock symbol at the bottom and the web address begins with "https". The "s" indicates a secure connection.
  • Do not send sensitive personal or financial information via e-mail. Regular e-mails are not encrypted.
  • Do business only with companies you know and trust, and don't hesitate to contact them if you question an e-mail that seems odd or asks for personal information.
  • Phony "look-alike" Web sites are designed to trick consumers and collect their personal information. Make sure that Web sites on which you complete transactions post privacy and security statements, and review them carefully.
  • Make sure your home computer has the most current anti-virus software. Anti-virus software needs frequent updates to guard against new viruses. Make sure you download the anti-virus updates as soon as you are notified that a download is available.
  • Install a personal firewall to help prevent unauthorized access to your home computer. This is especially important if you connect to the Internet via a cable modem or a digital subscriber line (DSL) modem.
  • Monitor your transactions. Review your order confirmations, and credit card and bank statements as soon as you receive them to make sure you're being charged only for transactions you made.

As your trusted tax and financial partner, H&R Block is committed to keeping your information safe.