It’s that time of the year again where we hunker down and fill out those tax returns, then hope for a nice refund check! But before you start dreaming of buying that new TV or trying out that hot new restaurant, keep in mind tax season means hunting season for cybercriminals. The huge volume of personal and financial information being accessed during the first quarter of the year is a potential gold mine for hackers and identity thieves, and anyone can be a target.
According to Stay Safe Online, there is a significant increase in phishing and malware attempts during tax season.
- These attacks typically ask you to click a link to a fake website that will prompt you to fill out a form with personal or financial information.
- Others take you to sites or have attachments that can contain malware, infecting your computer or network and stealing information from there.
- Unsolicited emails, social media posts, or text messages can all be avenues for phishing attempts linking to fake or malicious websites.
- Phishing emails can also be formatted so they look as though they are coming from someone from within your own company, i.e. “spoofing.” For example, you may receive an email from a coworker in HR or Accounting asking for a copy of your W2.
Employers should be especially wary during tax season, as a slip-up can compromise your employees’ personal information all at once. You wouldn’t leave your W2 form (or worse, a stack of your employees’ W2 forms) tacked on your public bulletin board, so make sure that when you distribute these or any tax forms, you do so in a secure manner.
Double check that check, it could just be bait.
The New York Times reports on a new scam this year where criminals file fake tax returns with real financial information, resulting in a large direct deposit into your account. The transaction is legitimately from the IRS, but is not a legitimate tax refund. Criminals then impersonate the IRS and call saying that there was a mistake and demanding that you “return” the money with instructions to transfer the payment into their own accounts.
Be wary of unexpected deposits, and if you receive a deposit that does not belong to you, contact your bank and the IRS to report the incident and inquire on next steps.
To protect yourself against this and other IRS-impersonation scams, be vigilant about double-checking identities and IRS procedures. Note:
- The IRS will never call you to demand immediate payment via wire transfer or prepaid debit card.
- Most IRS contact with taxpayers is initiated through the US Mail, and in the case that an official does need to call or visit in person, the taxpayer would first receive several notices in the mail.
- The IRS will never threaten to contact local law enforcement or immigration officers, revoke your driver’s license or business license, or deport you.
If you receive a phone call from the IRS that you believe is fraudulent, simply hang up the phone and call the publicly posted IRS contact number to find out more.
The good news is that protecting yourself is not taxing at all.
- Use strong passwords and two-factor authentication
- Use encrypted email for sharing sensitive information
- Refrain from using public Wi-Fi to send or access sensitive financial data
And if anyone – your tax preparer, an employee, the IRS – asks you for a sensitive piece of information, don't hesitate to pick up the phone to verify who it's coming from and that it is indeed a real communication. Especially if it's unsolicited.
This tax season, beware, be aware, and be vigilant. Be the hunter, not the hunted!
Your Friends @ Launch Security