Navigating Tax Season Safely: Cybersecurity Measures to Protect Your Financial Information
As tax season approaches, individuals and businesses alike are gearing up to file their returns. However, amidst the hustle and bustle and stress-inducing time of financial preparations, it is crucial to prioritize cybersecurity. The rise of online tax filing and the increasing sophistication of cyber threats make taxpayers need to adopt vigilant practices to safeguard their sensitive financial information. In this article, we will explore key cybersecurity measures to stay safe during tax season.
Use Secure Networks and Devices:
Before initiating any tax-related activities, ensure that you are using a secure and private network. Avoid public Wi-Fi networks when accessing sensitive financial information. Additionally, keep your devices, including computers and smartphones, updated with the latest security patches and antivirus software.
Use Secure Filing Websites:
Only trust tax-filing portals with ‘https:’ before the URL. This means the data is securely encrypted during transfer.
Beware of Phishing Attempts:
Cybercriminals often use tax season as an opportunity to launch phishing attacks. Be cautious of emails, messages, or calls claiming to be from government agencies, tax software providers, or financial institutions. Verify the legitimacy of communications by directly contacting the relevant entity using official contact information from a trusted source–not the contact information in the message you received.
Choose Reputable Tax Software:
Opt for well-established and reputable tax preparation software. Ensure that the software uses encryption to protect your data during transmission. Download the software directly from the official website or authorized distributors to avoid potential malware or phishing scams.
Secure Your Tax Documents:
Protect physical and digital copies of your tax documents, including W-2s, 1099s, and financial statements. Store physical documents in a secure location, and use encryption and strong passwords for digital files. Consider using a secure, password-protected cloud storage solution for added protection.
Get your Identity Protection PIN
You can get a special Identity Protection PIN (6-digit ID PIN) from the IRS to keep your online tax information secure and help prevent someone from filing a tax return using your Social Security Number.
Enable Multi-Factor Authentication (MFA)/Two-Factor Authentication (2FA):
Strengthen your account security by enabling multi-factor authentication wherever possible. MFA adds an extra layer of protection by requiring additional verification steps, such as a code sent to your mobile device, in addition to your password.
Be aware of “MFA/2FA fatigue” too, so take those requests to your devices seriously. If you didn’t make the request, DO NOT grant access.
Create Strong Passwords:
Make your password long, strong, and complex. Don’t reuse passwords, either.
File Early:
Filing your taxes as soon as possible gives scammers less time to file a fake return to steal your refund.
Regularly Monitor Financial Accounts:
Stay vigilant by regularly monitoring your financial accounts for any suspicious activity. Set up alerts for account transactions ensuring that you are promptly notified of any unauthorized or unexpected withdrawals or changes.
Shred Physical Documents:
For physical documents that are no longer needed, use a cross-cut shredder to dispose of them securely. Criminals may engage in "dumpster diving" to obtain discarded documents containing valuable personal information.
Secure Email Communications:
If you need to exchange sensitive tax information via email, use secure and encrypted email services. Avoid sending sensitive information in the subject line or body of the email; instead, use password-protected attachments.
Regularly Back Up Your Data:
Regularly back up your tax-related data to an external hard drive or a secure cloud storage solution. In the event of a cybersecurity incident, having backups ensures that you can recover your important files without falling victim to ransomware attacks.
Educate Yourself and Your Team:
Whether you're an individual taxpayer or a business owner, invest time in educating yourself and your team about common cybersecurity threats. Awareness is a powerful defense against phishing, ransomware, and other cyberattacks.
Red Flags:
- A phone call or message from a supposed IRS representative without receiving any mail from this agency is fake. They will NOT text or DM on social media and will ONLY email if you have been sent a physical letter first.
- Scammers spoof phone numbers easily to make it look like the call is coming from a legitimate account. The best thing to do is make notes of the call and then hang up. Find the agency’s official website and find their contact information on it. Don’t use redial. Use the phone number from the legitimate website.
- All IRS payments go to the U.S. Treasury. Gift cards, wire transfers, and cryptocurrency are NOT valid methods of payment.
- If these random calls, texts, DMs, and emails want your personal information like your Social Security number, bank account information, login credentials, or mailing address, they’re probably scammers.
- They are contacting you because it is “URGENT!” They want you to panic and make a mistake.
- There are attachments or links involved. These can drop viruses and other malware on your PC, tablet, or phone.
- Scammers also often act like they are from Intuit TurboTax, H&R Block, etc., to collect personal information. These companies will NEVER contact you via phone, email, DM, or text for this.
Taking Action/Reporting Scams
If you suspect you have been a victim of a tax-related identity theft or know that your Social Security number (SSN) has been compromised:
- Contact the IRS immediately: 1-800-908-4490
- Complete IRS Form 14039 (Identity Theft Affidavit) if your electronic return is rejected because of a duplicate filing under the SSN.
- Visit IRS Identity Theft Central https://www.irs.gov/identity-theft-central
- Visit IdentityTheft.gov for more information https://www.identitytheft.gov/
- Read the IRS Identity Theft Victim Assistance page https://www.irs.gov/individuals/how-irs-id-theft-victim-assistance-works
- Request a copy of the fraudulent return in your name if you want to see it https://www.irs.gov/individuals/instructions-for-requesting-copy-of-fraudulent-returns
- Your state taxes may also be a target, so reach out to the state tax department in your state, too.
If you have not fallen victim but have been contacted by scammers and want to report it:
- Report IRS-related impersonation - Treasury Inspector General for Tax Administration (TIGTA) https://www.tigta.gov/
- Report phishing - IRS, Treasury, and tax-related online scams https://www.irs.gov/privacy-disclosure/report-phishing
- Report Tax Fraud - IRS CI https://www.irs.gov/individuals/how-do-you-report-suspected-tax-fraud-activity
- Report Fraud - FTC https://reportfraud.ftc.gov/
- Report Cybercrime - IC3 https://www.ic3.gov/