It’s everyone’s favorite time of year—tax season. While you might be looking forward to it with a mixture of trepidation and dread, cybercriminals are positively drooling at the prospect of all that personal data out there on the Internet for the taking.
So what’s the worst that can happen? In a couple words: identity theft. Nearly 250,000 new reports of identity theft were filed in 2016 with the IRS. Tax-related ID theft happens when criminals use your personal information to file for a tax refund with the IRS. Through September 2016, the IRS stopped 787,000 confirmed identity theft returns, totaling more than $4 billion. Besides having your rainy-day money stolen, this can also damage your credit and cost you in time. It can take upwards of 600 hours to restore a stolen identity, according to the Identity Theft Resource Center.
But you needn’t fear (unless you’ve been cheating on your taxes, in which case we can’t help you). In response to an uptick in tax fraud and identity theft last year, the IRS has launched new security safeguards in order to verify identity and the validity of returns, especially for those who prepare their own federal and state taxes using software programs. In addition, if you take your own proper precautions, you can shore up your online safety.
So what are some ways you can protect your information (and identity) during tax season? Here are some tried and true tips to help ease the stress.
For general tax preparedness
If you haven’t already filed, now’s the time to get a move on. “Start early, gather all your information in one place, and make sure it’s accurate,” says Mark Harris, CFO of Malwarebytes. Not only will you beat the rush, but you can ensure a faster return on your return. Mistakes, including those that can lead to identity theft, are made when you’re scrambling to dig up that charitable donation receipt from Goodwill five minutes before filing deadline.
Next, pick a preparer. Do your due diligence and check out any reviews or articles on tax software, if you plan to use it. Research online tax service providers to see how secure their systems are. Sites should have password standards, a lock-out feature that blocks users after too many unsuccessful login attempts, security questions, and email and/or text verification. If using an accountant, look for referrals. Remember that cheapest may not always be the best.
Finally, once you’ve filed, make sure to keep your tax returns someplace safe. If filing online, you’ll receive a massive PDF that you can download to your desktop. If someone were to access your computer a year from now, all that juicy information would be theirs for the taking. So be sure to either store it in an encrypted cloud service or put it on a removable drive, such as a USB. If filing on paper, keep your taxes in a locked file cabinet or drawer.
For online security
This is important for anyone transmitting sensitive data online, whether that’s shopping or filing taxes: be sure to use a connection that’s secure. If on a home computer and network, use password-protected Wi-Fi and look for secured browsers (website URLs that start with “https” and display a small lock icon). Be sure your preparer has the same security in place. Never, ever, ever file your taxes using public Wi-Fi.
In addition, when filing taxes online (and again, this applies to any online service that requires a password), choose passwords that are long and complex. Avoid plain text passwords, use special characters, and if allowed, use spaces. We also highly recommend a password vault or manager that uses two-factor authentication.
The third pillar of Internet security (especially during tax season) is to be aware of social engineering scams, including phishing emails. A popular phishing technique is to send an email from the “IRS” that says, essentially, “We have your tax return ready and you can get your money faster if you just download this PDF!” Nope. Number one, you should never open an attachment from an email you aren’t expecting to receive. Number two, the IRS will not email you. They’ll physically mail you information, but even then, be wary. Tax scams can happen via postal mail, too.
In addition to phishing attacks, there are reports of cold callers who say, essentially, “Hey, we’re from the IRS and you owe us $10,000.” Nope. The IRS won’t call you either. If you receive an email or phone call that’s unsolicited and is looking for personal information, don’t give it. Go back and independently verify who is trying to reach you.
After mastering the basics of online security best practices, it’s a good idea to protect yourself using a little technology. Before you even start typing in your social security number, you should run at least one kind of cybersecurity scan. That way you’re sure there’s no malware on your system, such as a keylogger or spyware that can record your information without you knowing. You should also make sure your operating system, browser, and other software programs are updated—that way, you protect against malware that might exploit vulnerabilities in your computer.
Finally, if you believe there’s a chance you could have been compromised, look into a credit monitoring or ID theft service. By law, you are entitled to a free copy of your credit report from the three major bureaus: Equifax, Experian, and Trans Union. In addition, there’s a lesser-known fourth bureau called Innovis that you can also use. Review your reports annually and look for any suspicious activity.
Filing early, being prepared, staying vigilant online, and employing the proper security technology—if you follow these tips then you can not only keep cybercriminals from cashing in on your tax returns but also from taxing your peace of mind.