You can never be too careful these days when it comes to making sure you’re protected from cybercrime, and tax season is no different. Cybercriminals seem to be able to come up with new ways of perpetrating their activities faster than the good guys are able to identify them. We hope that this article helps you to be a little bit more secure during this year’s tax season.
According to IBM’s X-Force, which is a renowned commercial and technology security research team, tax-related spam and phishing emails rose more than 6,000 percent from December 2016 to February 2017.
These emails have become sophisticated enough that it’s difficult to discern them from authentic IRS communications. Some of them take the form of an email that looks like it’s notifying you that your refund has been processed and that you need to review and sign. Some of them are more nefarious, threatening legal action or seizure of property if a payment is not made immediately. The elderly and disabled are particularly susceptible to these types of emails that attempt to create a distressed emotional reaction.
Once a cybercriminal has obtained enough information, they can file a false return to claim the refund due to you, or worse. The X-Force research team determined that a person’s w-2 sells on the dark web for anywhere from $50-100, with plenty of buyers waiting to use your personal information to file a fraudulent return before you have a chance to file. In 2016, the IRS paid out approximately $5.8 billion in fraudulent returns.
These cybercriminals use tax season as the time to step up their activities. Often making their communications appear to be legitimate messages from the IRS, an accountant, online tax preparers, or even your employer’s Human Resources department. However, these fraudulent emails have malware or other malicious code embedded, that then redirect you to a falsified web page or form where you provide them with your personal information and financial data that they can then act upon.
In order to be better prepared for these types of fraudsters, it’s a good idea to familiarize yourself and the rest of your family with a few key tips:
- File your taxes right away. In 2017, more than 60 million Americans filed after April 1. Waiting until the very last minute gives the fraudsters much more time to file using your personal information, before you’ve done it yourself. You should file your return as soon as you receive all the paperwork that you need.
- Remember the IRS NO-EMAIL Rule. It’s especially important to remember that the IRS will never initiate contact requesting personal or financial information from any taxpayer by email, phone, text or social media. This rule also goes for banks, credit unions, and credit card companies.
- Avoid clicking on email links from tax vendors. If you use any of the common online tax preparation websites, don’t access them from any emails you’ve received. Instead, go directly to their website (or trusted sites that partner with them) and access their services that way. This reduces the chances of getting scammed by a fraudulent email masquerading as legitimate.
- Sign up for an IRS PIN. Sign up today for an IRS Identity Protection PIN, which is a six-digit number available to eligible taxpayers, which helps to safeguard your social security number from misuse on fraudulent tax returns. The Identity Protection PIN is usually for those taxpayers who have suffered fraud with prior tax filings. More information is here.
- Take advantage of free credit monitoring. Most organizations that have suffered a breach in the past, now offer free credit or identity theft monitoring services. Sign up for the protection for the maximum amount of time permitted. Also remember that the YourStyle Checking from Investors Bank offers identity theft protection and cell phone replacement. See Guide to Benefit for complete details.
- Report Scammers right away. If you receive an email that you suspect is a phishing email, a link to a fake website or anything of this nature, be sure to report it right away by forwarding the email to firstname.lastname@example.org . Remember to not click on any links in the email itself, as this can trigger a download of malware onto your computer.
- If it looks fishy, it probably is! If any email you receive doesn’t look right to you, it probably isn’t! Always stay on the safe side and report any suspect email to the proper authorities, whether it be the IRS or your employer’s info security department.