Tax time is like Christmas for cyber criminals. Their victims are busily pulling together sensitive financial information from all kinds of online sources, and many are filing using one of the half-dozen or so web-based tax-preparation services or electronical state or Federal portals. In the rush to meet deadlines and avoid the ire of the taxman, consumers are especially vulnerable to scams and identity theft. Here are some tips to keep yourself safe and sane.
- Update protective software. Be sure your malware and firewall protection is up-to-date before conducting any secure online transactions. Perform a deep antivirus scan before opening sensitive documents or connecting to a tax-preparation service.
- Back up everything. Ransomware was the fastest growing form of malware in 2016, and there are no signs its momentum has slowed. Most ransomware encrypts all the data on your hard drive and demands a ransom payment to unscramble it. The only effective defense is to have a backup, so make sure all of your sensitive financial documents are stored in at least one other place, such as a cloud service or on a USB drive. Also, protect any sensitive data on your local storage media by saving it in an encrypted folder.
- Don’t forget physical security. If your office is in a shared space, your security is only as good as the locks on the door. Store physical records in a safe or file cabinet with a good-quality lock. And don’t keep old tax records. The statute of limitations on back taxes is three years, although It may be as long as 10 years in some circumstances. Whatever the case, there’s no reason to keep those 2005 files around anymore. Shred them.
- Use strong passwords when filing online. This is no time to safeguard your account with passwords like “123456” or your telephone number. Choose a password of at least eight random alphanumeric characters, including upper- and lower-case, digits and punctuation marks. Most password managers will generate secure passwords for you and store them safely. If the tax-preparation site offers two-factor authentication, use it. Be sure any online tax-preparation service you use employs the secure “https” protocol. If you don’t see those characters at the beginning of the web address, your connection isn’t secure.
- Don’t use public Wi-Fi services when working with financial information. Most are unencrypted, which means that anyone sniffing the network can harvest any information that is transmitted over it. Although you may need a cup of coffee to calm your nerves at this stressful time, don’t do your taxes from the local coffee shop. Get your joe to go.
- File early. The IRS estimates it paid out nearly $6 billion in bogus refunds to identity thieves in 2013, and the real figure was probably higher. Tax identity theft is a growing problem. Any thief who has your Social Security number can file a false W-2 form and claim a refund in your name. Your filing then gets rejected, and you have to submit to a lengthy appeals process. It takes an average of 278 days to resolve a claim, and even then there’s no guarantee you’ll win. The best strategy is to file early, particularly if you suspect that your Social Security number has been compromised. That way crooks have a smaller window to scam you.
- Don’t share passwords, even with your accountant. This isn’t about trust but control. Even if your accountant is your best friend, there’s no guarantee he or she can’t get hacked. If you need to share documents, export them and store them in a secure online vault with sharing capabilities. It goes without saying that you never send passwords by email, right?
- Don’t share Social Security numbers, either. All a thief needs is those nine digits and your address to file a fraudulent return. You should only share Social Security numbers over the phone or in an encrypted email message.
- Don’t fall for phishing scams. Scammers love tax time because they know consumers are in a state of high anxiety about the potential for audits or fines. Phishing messages often contain alarming language or threats that are intended to scare recipients into giving up personal information. Any email that appears to be from the IRS and that asks you for personal information is a scam. The basic rules of phishing prevention also apply: Don’t click on links in email unless you’re absolutely sure of the identity of the sender.
- Monitor your filings for suspicious activity. When you file your taxes, the IRS provides you with an Electronic Filing Identification Number (EFIN). You can use this number to check periodically on how many tax returns have been filed in your name. This enables you to catch a breach quickly. The IRS has more information here.
- Don’t fall for fake IRS phone scams. Bad people posing as IRS agents are contacting innocent taxpayers to steal personal information, money and tax refunds. The IRS never calls taxpayers by phone to request personal information, tax information, credit card numbers and money. If you get a phone call from an IRS impostor, tell them nothing and immediately hang up the phone. Then, report the incident to the Treasury Inspector General at (800) 366-4484 or at www.tigta.gov. Thousands of taxpayers fall victim to fake IRS phone scams where the caller will demand immediate payment to release a tax lien or levy. You can learn more about this phone scam here.
The IRS also publishes a great, 21-page guide to “Safeguarding Taxpayer Data.” Read it if you want to be sure all your bases are covered.
eWeek has shared a version of this article on their website. To read it, please click here