With more and more of our daily lives being spent online, cyber risk continues to rear its ugly head whenever we log in. During tax season (January – April), however, we face a higher exposure to identity thieves and the potential for a fraudulent tax return to be filed on our behalf.
In March 2016, the IRS warned that phishing attacks had increased 400% over the previous year. While it is too early to determine the activity for the 2016 filing season, the IRS has recently concluded a week-long effort – the National Tax Security Week – to inform the public of the risk of identity theft and fraudulent tax returns. Considerable efforts have been made by both the public and private sectors, leading to over $4B of fraudulent returns halted by the IRS fraud detection systems during the first nine months of 2016. To thwart the growth in tax fraud, an Information Sharing Analysis Center (ISAC) specifically dedicated to identity tax fraud will launch in 2017, and a pilot program requiring additional verification on W-2’s will be expanded to a larger taxpayer population for the 2016 filing year.
The National Tax Security Week had a one-page publication 4524, known as Security Awareness for Taxpayers. In it, three themes emerged in the publication – – namely keep your computer secure, avoid phishing and malware, and protect personal information. These three steps are consistent with the “staying safe during tax time” outlined by StaySafeOnline.org and powered by the national cyber security alliance.
Online outlaws will attempt to lure you in a variety of ways. Watch out for the following:
Fraudulent tax returns: The FTC recommends trying to file your tax return as soon as possible. The IRS only accepts one tax return per Social Security number. If the file is ours and it’s in early, it makes it impossible for a cyber thief to submit another return with your personal information. It’s also important to always use smart practices with your personal information. Remember to only share your Social Security number when it’s absolutely necessary. Check your credit report regularly for shady activity and never throw papers with critical information – like your Social Security number or bank account information – in the trash. It’s best to shred all paper containing personal data.
Phishing and malware: Cybercriminals will try to get you to do “something” so they can steal your personal information. Watch out for unsolicited emails, texts, social media posts or fake websites that may prompt you to click on a link or to share valuable personal and financial information. Armed with this information, online thieves can pilfer funds and/or commit identity theft. And unfamiliar links or attachments can contain malware – viruses, spyware and other unwanted software that gets installed on your computer or mobile device without your consent – which can infect your computer files if opened.
Impostors claiming to be Internal Revenue Service (IRS) agents: The IRS will never email or call you demanding immediate payment without having first mailed a bill. Nor will they ask for a credit or debit card number via email or phone.
Tax preparer fraud: The overwhelming majority of tax preparers provide honest services, but some unscrupulous individuals may target unsuspecting taxpayers and the result can be refund fraud and/or identity theft. The IRS reminds anyone filing a tax return that their preparer must sign it with their IRS Preparer Identification Number.