Tax season is stressful for many reasons and April 15 equals a headache for many Americans. In addition to wading through taxes, tax season also opens up a new vector in which cybercriminals can attack. With consumers sending and receiving very personal information over email – one of the weakest links in the cyber security fence – cybercriminals are on high alert, looking for the most opportune moment to strike.
With almost 1.6 million Americans falling victim to scams in 2014, tax season calls for an increase in cyber precautions. During tax season there are two common email-based scams:
The “too good to be true” email, in which consumers receive an email appearing to be from the IRS or a tax preparer. These emails range from prompting users to reset their passwords, claim their tax return, or discover why their taxes haven’t gone through. When users click or provide information, criminals have quick and easy access and are able to then exploit or sell the information.
The fraudulently filed taxes, in which criminals obtain personal information and file a consumer’s taxes before the actual user does. When criminals have access to personal information, it is easy for them to file taxes “on behalf” of a user, and request that the return is sent directly to them, leaving users confused and having to work with the IRS on what to do next.
Unfortunately, these are just two of the most common cybersecurity threats consumers face during tax season. Each year, the IRS compiles a list of the “Dirty Dozen” tax scams, which always includes email phishing and identity theft. In 2015, other scams include phone scams, return preparer fraud, inflated refund claims and fake charities.
To stay protected from fraud during tax season, and throughout the rest of the year, consumers can take preventative steps and be aware of companies’ security standards to ensure the security of their personal information.
Remember that the IRS will never email consumers directly
The IRS will never send a direct email to a taxpayer, nor will they ask for personal information over email. If a consumer does get an email “from the IRS” it should immediately be reported. The FBI’s National Criminal Complaint Center enables anyone to file a complaint at any time, and immediately begin working with law enforcement (on the local, state, federal or international level).
Use a trusted tax preparer
A majority of fraudulent emails seemingly come from tax preparers such as TurboTax and HR Block. It is essential to be aware of email standards for any tax preparer – these companies will likely never send attachments or directly ask for personal information. Consumers should avoid emails containing this type of content, and if unsure should call the tax preparer directly to ensure the safety of personal data.
Keep personal information safe
Going hand-in-hand with avoiding sketchy emails, do not give out personal information unless on a secure site. Social security numbers and other information is key for criminals to file taxes under a consumer’s name. If fraudulent activity is suspected, consumers should contact the IRS (if tax related) or their bank provider (if bank or credit card related).
Keep your real world common sense in the online world
If someone came up to you on the street and said they had a check for you, you would say no thank you and walk away. When people get emails that say, “The IRS has a refund for you,” they think that since it’s on a computer screen they should click the link or open the attachment. A good rule of thumb is to take the same precautions online as you would in the real world.
Every day countless fraudulent emails are sent to consumers, and tax season gives criminals another avenue to infiltrate and capitalize on personal information. The fundamentals of keeping information protected are the same year round and should be continually enforced and monitored by consumers. However with perilous information being sent back and forth during tax season, it’s critical for consumers to take extra precautions. Being aware of the emails received and who is sending them is the first step in preventing cyberfraud during tax season, and lays the baseline for consumers to keep information secure from any type of cybersecurity threats.