You are viewing this article in the archives. For the latest breaking news and updates in Ann Arbor and the surrounding area, see
Posted on Thu, Apr 4, 2013 : 9 a.m.

Tax time is open season for hackers

By Kristin Judge


Image courtesy of Arvind Balaraman /

As a friend of mine prepared her taxes last year, she was encouraged to include her foster son on her taxes to receive the tax benefits. When she did, it was discovered that the 2-year-old already had bad credit. Her son’s information had been compromised and used by a thief to run up debt. Stealing the identity of a child is an attractive approach for criminals since the victim may not find out until they are much older and applying for credit the first time.

It is the time of year most Americans are preparing their taxes. The bad guys know that, and it is a prime time for them to use social engineering tactics to steal information and identities. Just think of the personal information on a tax return, and it is easy to understand why returns are a target. On the first page of a tax form alone, a person lists the name, address, date of birth and social security number of everyone in their family. This personal identifying information (PII) is a gold mine for someone looking to steal your identity.

Now that Americans are able to file their taxes online and get tax forms online, fake tax websites are popping up. The IRS issued a warning in October 2012 called, “Don’t Fall for Phony IRS Websites” that describes websites that mimic the IRS. The official IRS website is simple to remember: Be sure to check that you are on the official site before doing any online transactions.

Be informed this tax season to keep from becoming a victim of cyber tax scams.

Today’s Quick Tips: (These tips come from the newsletter archive)

Learn to recognize a tax scam

According to the IRS, below are the key ways to recognize an email tax scam. The email:

  • Requests personal and/or financial information, such as name, SSN, bank or credit card account numbers or security-related information, such as mother's maiden name, either in the email itself or on another site to which a link in the email directs you.

  • Includes exciting offers to get you to respond, such as mentioning a tax refund or offering to pay you to participate in an IRS survey.

  • Threatens a consequence for not responding to the email, such as additional taxes or blocking access to your funds.

  • Has incorrect spelling for the Internal Revenue Service or other federal agencies, uses incorrect grammar or odd phrasing.

  • Discusses "changes to tax laws" that include a downloadable document (usually in PDF format) that purports to explain the new tax laws (these downloads are populated with malware that, once downloaded, may infect your computer).

    To stay safer this tax season, follow these five steps:

    Secure your computer. Make sure your computer has the latest security updates installed. Check that your anti-virus and anti-spyware software are running properly and are receiving automatic updates from the vendor. If you haven't already done so, install and enable a firewall.

    Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires caution. Know the site. Know the company. Do not visit a site by clicking on a link sent in an email, found on someone's blog, or on an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.

    Don't fall prey to email, web, or social networking scams. Common scams tout tax rebates, offer great deals on tax preparation or offer a free tax calculator tool. If you did not solicit the information, it's likely a scam. If the email claims to be from the IRS, it's a scam -- the IRS will not contact you via email, text messaging or your social network, nor does it advertise on websites. If the email appears to be from your employer, bank, broker, etc. claiming there is an issue with what they reported for you and you need to verify some information, it might be a scam. Do not respond to the email. Contact the entity directly before responding.

    Never send sensitive information in an email. It may be intercepted and read by criminals.

    Use strong passwords. Passwords should have a minimum of nine characters and include upper case (capital letters), lowercase letters, numbers, and symbols. Make sure your work passwords are different from your personal passwords.

    For additional information about tax related scams and identity theft, please visit:

    Taxpayer Guide to Identity Theft:

    Tax Scams/Consumer Alerts:

    IRS Releases the Dirty Dozen Tax Scams for 2012:

    Report Phishing:

    To get more great information about staying safe online, including access to free monthly newsletters, webcasts and more, visit the Center for Internet Security at Stay tuned for our next chat!

    Kristin Judge is the executive director of the Trusted Purchasing Alliance, a division of the Center for Internet Security. She can be reached at