As the April 15 deadline for tax filing draws near, the Center for Internet Security (CIS) helps users recognize tax-related scams and better defend against them.
Findings show that identity theft and phishing once again remain top security concerns this year, with criminals using a variety of techniques to lure users into falling prey to scams. One common tactic used is to send emails appearing to be from legitimate organizations, such as the IRS or a tax preparer, trying to entice the recipient into providing personal and financial data.
This information is then used to steal the victim’s identity, resulting in potential financial loss, damage to reputation, and lost time and effort expended to repair the victim’s credit history. Another phishing scam involves an email that discusses supposed changes to tax laws and includes a downloadable document (usually in PDF format) that claims to explain the new laws. These files are populated with malware that, once downloaded, may infect the victim’s computer, potentially stealing or destroying data or causing other damage.
Users who have already filed their taxes this season can still be vulnerable to tax-related scams. Many schemes take advantage of users by alleging to have information about the filer’s refund, or noting a problem with the return that was previously filed.
CIS offers the following tips:
Do not respond to emails appearing to be from the IRS. The IRS does not initiate taxpayer communications through email or social media tools to request personal or financial information. The IRS does not send emails stating you are being electronically audited or that you are getting a refund. If you receive an unsolicited email claiming to be from the IRS, send it to email@example.com
Do not send sensitive information in an email. Do not open any attachments or click on links contained in suspicious emails.
Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires caution. Do not visit a site by clicking on a link sent in an email, found on someone’s blog, or on an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.
Be wise about Wi-Fi. Wi-Fi hotspots are intended to provide convenient access to the Internet and are not necessarily secure against eavesdropping by hackers.
Secure your computer. Make sure your computer has the proper security controls, including up-to-date anti-virus and anti-spyware software, and a firewall.