ITW logo with text ‘Cybersecurity News You Can Use. We’re always keeping you safer online’ over a dark green abstract background.
  • In this edition: The wave of January 2026 email and social media ad scams coming your way.
  • Your bank is calling. There’s a problem, they say. But the FBI says…hang up.
  • To be safe, do you always need to log out of an account when you’re finished? 
January A Lead Story

Your tax refund is ready early!

TurboTax Fake Alert

Scammers are already sending fake emails that appear to be from a tax preparer, claiming your refund is “ready early” and that you need to click a link to confirm your information. Legitimate firms don’t surprise you with early refunds or ask you to log in through random email links. Sign in through your tax app or call your preparer using a known number to check your status. Never enter your Social Security number, bank details, or tax‑account password on a site you reached from one of these messages.

The fake product recall from Amazon

Amazon fake recall

Ignore texts about “Amazon recalls” that don’t include your real order number, order date, and the product you bought. Instead of tapping a link in a message, open the Amazon app or go to the website directly and check “Your Orders” to see if there’s an actual recall or problem. Amazon will not ask for your credit card number to process a recall.

Cybersecurity News You Can Use

January A News You Can Use Scam

The FBI reports a new wave of crooks posing as bank staff or tech support from big names like Apple, Google, Netflix, and Amazon is tricking people into handing over login details and security codes to drain their accounts.

Scammers call, text, or email about “suspicious purchases,” and try to send you to a fake website that looks just like your bank or payroll site, then ask you to read back the code that an automated system just sent to your phone.

Remember, banks and retailers will not call you out of the blue to reset your password or fix your account.  
They do send alerts by text or email, but never include links to log in or requests for passwords, PINs, or codes. They tell you what happened and expect you to sign in using your usual app or website if you need to act.

Update Your Passwords

January A Breaches d

These organizations say they have been hacked recently.
If you do business with any of these companies,
change your account password and use two-factor authentication wherever possible.

ITW logo in dark red with stylized letters and diagonal lines on the left side.
Shield icon with red exclamation mark above the word ‘Report’ and a dropdown arrow.

 

The most important step you can take when you suspect you have received a phish
is to report it to the local ITW Support Team as soon as possible.

This allows them to eliminate the threat from other inboxes as well, quickly. 

Reporting a Phish is made easy: just use the PhishAlarm Phish button

One more thing...

Jan A One More thing

Ask Us About Cyber

Log out every time edit

If you close a window on your computer without signing out, is this an issue?

If it’s your home computer and you’re the only one with access to it, closing a browser window without logging out first is usually not a big issue because most websites will log you out automatically.

But on a shared or public computer, closing the window without signing out is risky because your session can remain active, letting the next person reopen the site and access your accounts.

Send us your cybersecurity question for possible use in a future newsletter.

Cyber cartoon © 2026 CartoonStock | Original content © 2026 Aware Force LLC