Get a head start on defending against tax scams

Tips to stay secure during tax season

It’s everyone American’s favorite time of year—tax season. While you might be looking forward to it with a mixture of trepidation and dread, cybercriminals are positively drooling at the prospect of all that personal data out there on the Internet for the taking.

And there’s quite a lot of data. Thanks to major breaches throughout 2018, plus billions of records from breaches of old collected into massive data dumps online, we’re looking at an unprecedented amount of personally identifiable information (PII) available to threat actors to sell to the highest bidder or use in re-targeting for additional campaigns. No doubt criminals are already making plans for a few of them.

To add insult to injury, filing taxes in 2019 is bound to dredge up a few more stressful feelings than usual.

For starters: a lengthy government shutdown at the tail end of 2018 and into the new year stalled the IRS’ usual pre-tax season proceedings. However, government workers, including the IRS, have gotten back to work, and the season officially opened on January 28. What does that mean for US taxpayers?

Expect delays in refunds, for one. A month-long backlog of work greeted IRS employees upon their return, and they’ll need to play catch-up. Does that mean we’ll have longer to file this year? Nope. US taxpayers still need to hit that April 15 deadline—unless you’re in Maine or Massachusetts, which gives you until April 17—even if you’re waiting a little longer than usual for all their forms to come in.

Unfortunately, that’s not all taxpayers should be worried about. As usual, when calamity strikes, cybercriminals aren’t far behind to capitalize on any confusion or fear drummed up by uncertainty. Tax-related scams are on the heavy uptick, according to the IRS, who announced in November that Emotet phishing campaigns were posing as tax transcripts sent by their organization. Warnings about phishing attempts, which have increased dramatically in the last year, should not fall on deaf ears. Businesses and consumers alike should understand the warning signs of a phishing attack, whether it’s on desktop or mobile devices.

Let’s face it. Filing taxes is enough of a headache on its own. But coupled with tax-related scams and identity theft, it’s a serious wrinkle that could cause a deluge of paperwork. Besides having your rainy-day money stolen, tax ID theft can also damage your credit and cost you in time. It can take upwards of 600 hours to restore a stolen identity, according to the Identity Theft Resource Center.

But you needn’t fear (unless you’ve been cheating on your taxes, in which case we can’t help you). If you take the proper precautions, you can shore up your online safety.

So what are some ways you can protect your information (and identity) during tax season? Here are some tried and true tips to help ease the stress.

For general tax preparedness

If you haven’t already filed, now’s the time to get a move on. Not only will you beat the rush, but you can ensure a faster return on your return. Mistakes, including those that can lead to identity theft, are made when you’re scrambling to dig up that charitable donation receipt from Goodwill five minutes before filing deadline.

Next, pick a preparer. Do your due diligence and check out any reviews or articles on tax software, if you plan to use it. Research online tax service providers to see how secure their systems are. Sites should have password standards, a lock-out feature that blocks users after too many unsuccessful login attempts, security questions, and email and/or text verification. If using an accountant, look for referrals. Remember that cheapest may not always be the best.

Finally, once you’ve filed, make sure to keep your tax returns someplace safe. If filing online, you’ll receive a massive PDF that you can download to your desktop. If someone were to access your computer a year from now, all that juicy information would be theirs for the taking. So be sure to either store it in an encrypted cloud service or put it on a removable drive, such as a USB. If filing on paper, keep your taxes in a locked file cabinet or drawer.

For online security

This is important for anyone transmitting sensitive data online, whether that’s shopping or filing taxes: be sure to use a connection that’s secure. If on a home computer and network, use password-protected Wi-Fi and look for properly-secured browsers (website URLs that start with “https” and display a small lock icon). Be sure your preparer has the same security in place. Never, ever, ever file your taxes using public Wi-Fi.

Ever.

In addition, when filing taxes online (and again, this applies to any online service that requires a password), choose passwords that are long and complex. Avoid plain text passwords, use special characters, and if allowed, use spaces. We also highly recommend a password vault or manager that uses two-factor authentication.

The third pillar of Internet security (especially during tax season) is to be aware of social engineering scams, including phishing emails. A popular phishing technique is to send an email from the “IRS” that says, essentially, “We have your tax return ready and you can get your money faster if you just download this PDF!” Nope. Number one, you should never open an attachment from an email you aren’t expecting to receive. Number two, the IRS will not email you. They’ll physically mail you information, but even then, be wary. Tax scams can happen via postal mail, too.

In addition to phishing attacks, there are reports of cold callers who say, essentially, “Hey, we’re from the IRS and you owe us $10,000.” Nope. The IRS won’t call you either. If you receive an email or phone call that’s unsolicited and is looking for personal information, don’t give it. Go back and independently verify who is trying to reach you.

After mastering the basics of online security, it’s a good idea to protect yourself using a little technology. Before you even start typing in your social security number, you should run at least one cybersecurity scan. That way, you’re sure there’s no malware on your system, such as a keylogger or spyware that can record your information without you knowing. You should also make sure your operating system, browser, and other software programs are updated—that way, you protect against malware that might exploit vulnerabilities in your computer.

Finally, if you believe there’s a chance you could have been compromised, look into free credit monitoring or ID theft services. (A caveat to this: Only use the free services, as paying for them is unnecessary and redundant with what credit card companies and banks are already doing.) By law, you are entitled to a free copy of your credit report from the major bureaus: Equifax, Experian, and Trans Union. In addition, there’s a lesser-known fourth bureau called Innovis that you can also use. Review your reports annually and look for any suspicious activity.

Filing early, being prepared, staying vigilant online, and employing the proper security technology—if you follow these tips then you can not only keep cybercriminals from cashing in on your tax returns but also from taxing your peace of mind.

ABOUT THE AUTHOR

Wendy Zamora

Editor-at-Large, Malwarebytes Labs

Wordsmith. Card-carrying journalist. Lover of meatballs.