On March 13th, the IRS published a warning regarding personal data protection and provided a brief guide on how taxpayers can protect themselves from being hacked. They claimed that practicing personal information security is a vital issue.
In 2017, the personal data of more than 150 million taxpayers was compromised. In 2018 this number is expected to be even higher. The IRS recommends to review the tips provided by the Security Summit, the result of collaboration between IRS and private tax authorities. We mixed up a couple of security tips and tricks as well to support the mission that IRS started.
Learn to Recognize Phishing Emails
Only 50% of tax software providers use the most basic level of email protection, according to research conducted by the Global Cyber Alliance. And the remaining 50% do not use any protection at all to prevent their email domains from being hacked.
1 in 131 emails sent by tax service providers included malware, according to a report by Symantec ISTR. It is the highest rate in the last 5 years. Here are some examples of real phishing emails you could use to detect similar content in your own Inbox.
Example #1: Email Notification from Facebook
It’s an email to a Facebook user that looks like a notification from Facebook Support Team about 4 pending friend requests. There are three things to pay attention to. First, this email doesn’t start with the name of the recipient, which means that the fake support officer didn’t bother to learn who’s missing on these important friend requests. Secondly, the “From” line says the email was sent by Facebook, but the actual email address is not from facebook.com (firstname.lastname@example.org). And finally, if you hover the cursor over the link (in this case it’s 4 friend request), you’ll see, again, that the source is definitely not Facebook.
Example #2: Fake IRS Refund
This year the IRS has already warned taxpayers to be careful with any emails they receive, especially those related to refunds. How does IRS contact you? Have you ever got an automated IRS call regarding a lawsuit? Chances are it was fake.
The email in the example includes the IRS logo, looks well-structured and well-written. But, again, it doesn’t start with any personal greeting, no Dear Jane or John. Fake IRS is okay with simple Dear Taxpayer and doesn’t reveal the name of the officer, who signed an email (all you need to know is it was written by the IRS Team). Hover the cursor over the link without clicking. You’ll see the actual source either right next to the cursor or in the bottom left corner of the page. If it’s not the IRS, never ever click on it. You should especially be on high alert if you didn’t claim refund, but the email about the refund appeared in your box anyway.
The following emails may also be sent by scammers and may include malware.
Example #3: Suspended PayPal Account
Example #4: Amazon Refund Due to System Error
File Your Tax Returns Earlier
The sooner you prepare your tax documents and file your return, the sooner you can get your refund. That’s the first reason to file earlier. Another good reason is to try to avoid tax-refund identity theft. “Filing early lowers the chance that someone can get in front of you, which is essentially how fraudsters work,” says Rick Henderson, principal at Atlanta Financial Associates. “Because what they do is file a fake tax return with the hope that they’re doing so before you. The faster you file, the less chance someone has to get ahead of you.”
The IRS informs that resolving tax-related identity theft cases may take from 120 to 180 days or even longer. That means you might have no time left to request the refund which you deserve according to the law.
Always Use the Latest Version of the Anti-Malware Software
If your computer system is not protected, it is vulnerable and could possibly come under attack within the first 15 minutes of you surfing on the internet. So before filing your taxes electronically, make sure your PC is protected well.
When choosing what anti-malware program to install, opt for the solutions with firewall. Having firewall on your computer means any information including your passwords, social security number, bank details, or any other confidential data can’t be sent out without your permission. Bear in mind that a firewall doesn’t provide 100% protection. It is only one line of defense.
Besides, there are operating systems that already have built-in protection which may be enough for a basic security level. The same goes for routers. For example, ASUS routers have AiProtection which monitors networks in real-time for detecting malware earlier in your device or PC. It limits access to websites that may contain malware based on the Trend Micro database. Additionally, it has IPS (Intrusion Prevention System) that helps prevent spam and DDoS attacks. In router settings you can see the statistics and check what websites to avoid in future.
HTTP or HTTPS?
When filing and paying your taxes online, pay attention to the type of protocol by which the data is being sent. In simple terms, check whether the website through which you’re going to pay has http or https at the beginning of the link. http is just a usual hyper text transfer protocol while https is a more secure version of it. Go to the IRS website and you’ll see that it has a secure protocol. This means that the communication between the website and browser is encrypted and all transactions (like payments) are highly protected. In Firefox and Chrome you can see a padlock icon in the address bar that indicates that the https is active.
In Case of Identity Theft
Let’s assume, the worst has happened. The IRS has designed a special form that must be completed and submitted as soon as you identify you’ve been scammed. Search for Form 14039. That is the Identity Theft Affidavit. Fill it out and send it directly to the IRS. Depending on the situation, they may assign you a special PIN to protect your return.
Remember, you can’t anticipate each and every factor that may lead to identity theft. But you can arm yourself with knowledge and reduce the odds.