It’s everyone American’s favorite time of year—tax season. While you might be looking forward to it with a mixture of trepidation and dread, cybercriminals are positively drooling at the prospect of all that personal data out there on the Internet for the taking.
And there’s quite a lot of data out there. Thanks to major breaches at Equifax and large outbreaks of ransomware like WannaCry in 2017, we’re looking at hundreds of millions of records in the (dark web) ether—and that’s in the United States alone. No doubt threat actors are already making plans for a few of them.
While the IRS has taken steps to reduce tax-related identity theft, including new security safeguards that verify identity and the validity of returns, criminals are a cunning folk—they’ve already devised new tax scams to circumvent extra security protocols.
This February, the IRS issued a warning about a scam in which criminals steal client data from accountants and file fraudulent tax returns. The bad actors then have the return sent to the taxpayers’ real bank accounts for deposit, only to reclaim the refund later using social engineering tactics. Essentially, they steal your identity, file your return, deposit your return in your bank account, only to steal it away later by posing as the IRS and claiming the return was filed in error.
Let’s face it. Filing taxes is enough of a headache on its own. But coupled with tax-related ID theft, it’s a serious wrinkle that causes an absolute deluge in paperwork. Besides having your rainy-day money stolen, tax ID theft can also damage your credit and cost you in time. It can take upwards of 600 hours to restore a stolen identity, according to the Identity Theft Resource Center.
But you needn’t fear (unless you’ve been cheating on your taxes, in which case we can’t help you). If you take the proper precautions, you can shore up your online safety.
So what are some ways you can protect your information (and identity) during tax season? Here are some tried and true tips to help ease the stress.
For general tax preparedness
If you haven’t already filed, now’s the time to get a move on. Not only will you beat the rush, but you can ensure a faster return on your return. Mistakes, including those that can lead to identity theft, are made when you’re scrambling to dig up that charitable donation receipt from Goodwill five minutes before filing deadline.
Next, pick a preparer. Do your due diligence and check out any reviews or articles on tax software, if you plan to use it. Research online tax service providers to see how secure their systems are. Sites should have password standards, a lock-out feature that blocks users after too many unsuccessful login attempts, security questions, and email and/or text verification. If using an accountant, look for referrals. Remember that cheapest may not always be the best.
Finally, once you’ve filed, make sure to keep your tax returns someplace safe. If filing online, you’ll receive a massive PDF that you can download to your desktop. If someone were to access your computer a year from now, all that juicy information would be theirs for the taking. So be sure to either store it in an encrypted cloud service or put it on a removable drive, such as a USB. If filing on paper, keep your taxes in a locked file cabinet or drawer.
For online security
This is important for anyone transmitting sensitive data online, whether that’s shopping or filing taxes: be sure to use a connection that’s secure. If on a home computer and network, use password-protected Wi-Fi and look for secured browsers (website URLs that start with “https” and display a small lock icon). Be sure your preparer has the same security in place. Never, ever, ever file your taxes using public Wi-Fi.
In addition, when filing taxes online (and again, this applies to any online service that requires a password), choose passwords that are long and complex. Avoid plain text passwords, use special characters, and if allowed, use spaces. We also highly recommend a password vault or manager that uses two-factor authentication.
The third pillar of Internet security (especially during tax season) is to be aware of social engineering scams, including phishing emails. A popular phishing technique is to send an email from the “IRS” that says, essentially, “We have your tax return ready and you can get your money faster if you just download this PDF!” Nope. Number one, you should never open an attachment from an email you aren’t expecting to receive. Number two, the IRS will not email you. They’ll physically mail you information, but even then, be wary. Tax scams can happen via postal mail, too.
In addition to phishing attacks, there are reports of cold callers who say, essentially, “Hey, we’re from the IRS and you owe us $10,000.” Nope. The IRS won’t call you either. If you receive an email or phone call that’s unsolicited and is looking for personal information, don’t give it. Go back and independently verify who is trying to reach you.
After mastering the basics of online security best practices, it’s a good idea to protect yourself using a little technology. Before you even start typing in your social security number, you should run at least one kind of cybersecurity scan. That way you’re sure there’s no malware on your system, such as a keylogger or spyware that can record your information without you knowing. You should also make sure your operating system, browser, and other software programs are updated—that way, you protect against malware that might exploit vulnerabilities in your computer.
Finally, if you believe there’s a chance you could have been compromised, look into free credit monitoring or ID theft services. By law, you are entitled to a free copy of your credit report from the major bureaus: Equifax, Experian, and Trans Union. In addition, there’s a lesser-known fourth bureau called Innovis that you can also use. Review your reports annually and look for any suspicious activity.
Filing early, being prepared, staying vigilant online, and employing the proper security technology—if you follow these tips then you can not only keep cybercriminals from cashing in on your tax returns but also from taxing your peace of mind.