No one enjoys handing over the year’s tax payment to the Internal Revenue Service on April 15. However, most people expect their tax dollars to be used by the U.S. government, not handed back to cybercriminals who file fraudulent tax returns. Every year, according to an estimate from the Treasury Inspector General’s office, the IRS loses $4 billion because of fraudulent tax returns. Cybercriminals stealing personal taxpayer information have become a major force behind tax fraud.
Research on cybercrime demonstrates that phishing scams and fraud are higher at tax time than at almost any other time of year. In fact, people are only targeted more often for scams during the holiday shopping season. Fortunately, by exercising just a little cyber savvy, taxpayers can keep their personal information from becoming entangled in a case of tax fraud.
How Cybercriminals File Fraudulent Returns
Many taxpayers use the same passwords across multiple websites. The passwords that they use for their tax filing software, for example, may be the same passwords that they use for bank accounts and other sensitive logins. Once a cyber attacker obtains one password from a person, the attacker could gain access to multiple accounts belonging to the person. Cyber attackers steal login information using a variety of different techniques:
- Phishing. Phishing emails that look like they come from the IRS may ask a taxpayer to log in to a fake Web page and provide information like a Social Security number, a bank account number, a password or other vital information. As taxpayers become more wary of phishing emails, attackers have moved toward sending phony text messages (SMiShing) and making fake voice calls (vishing).
- IRS downloads. To assist taxpayers applying for mortgages and other types of financing, the IRS allows them to download the last five years’ worth of tax returns. Unfortunately, if a cybercriminal obtains a taxpayer’s e-filing PIN or other personal information, the cyber attacker can download an old tax return and use the information to file a fraudulent one.
- Social media. People share a lot of personal information on social networks. For example, a Facebook page associated with a person’s business may show the business phone number and address. A cybercriminal can then research the business owner’s information on a personal Facebook page to determine the taxpayer’s marital status and how many dependents the person may have.
- Unprotected Wi-Fi. When people access financial information or other sensitive accounts using an open Wi-Fi network, cybercriminals can grab the information and use it later for fraudulent tax returns. For example, taxpayers using online tax preparation software over an open Wi-Fi connection can give a cybercriminal a free look at their returns and their personal information.
How Taxpayers Can Protect Themselves
To keep their refunds safe from cyber attack, taxpayers should take the following precautions:
- Check for a secure connection. Never share financial or tax-related information over an insecure connection. Always look for the “https” in the URL field; never share information over an unprotected “http” connection.
- Use a different password for everything. Periodically, everyone should go back and reset passwords for sensitive accounts. Never use the same password for multiple accounts, and use a secure password manager to store password information.
- Never share an e-filing PIN. The IRS would never ask for a PIN in an unsolicited email, phone call or text message.
- Avoid e-filing or using online tax software over public Wi-Fi hotspots. Also, never assemble and submit a tax return using a public computer.
- Stay sharp during tax season. Expect a spike in phishing emails, and stay alert for suspicious text messages, voice calls and voice mails. Never click a link in an email or text message; instead, open a separate browser window and log in to the sender’s website. Also, never call a number left on an unsolicited voicemail. Instead, find the organization’s customer service number and then ask to be connected to the person who left the message.
No taxpayer should prepare a tax return on a computer that doesn’t have up-to-date security or antivirus software. Make sure to download updates immediately, not only during tax season but at any time of the year.