It's tax season, and lately that has meant it is the second most busy time of the year for scammers.

Screenshot of my email

Townsquare Media owns our radio stations and we use Exponent HR as our payroll/HR/benefits company.  Well, ever since my W-2 became available, I have been receiving email notifications that my W-2 has been downloaded (I haven't attempted to download it).  At first I was worried that someone had gotten into my account, but then I put on my sleuth's hat and decided to see what's up.

First, I noticed that my email account is already flagging the email as suspicious.  And then next, I noticed that the email was from "ExponentHR@exponent25.info".  That's a red flag, you should always make sure that the email is coming from the correct URL.  For example, when Exponent HR normally sends notifications they come from "notify@exponenthr.com".

This should be enough for you to make a decision that this email is malicious, but just in case you need more proof, look at the link that reads "Click Here to Login and Reset ExponentHR Password".  We've never heard of a website who will send you a prompt to change your password if you didn't initiate a password change yourself.

The government has put together a guide on How to Recognize and Avoid Phishing Scams that you can check out.  Don't fall for scammers emails this tax season.