Tax time is open season for hackers
Image courtesy of Arvind Balaraman / FreeDigitalPhotos.net
It is the time of year most Americans are preparing their taxes. The bad guys know that, and it is a prime time for them to use social engineering tactics to steal information and identities. Just think of the personal information on a tax return, and it is easy to understand why returns are a target. On the first page of a tax form alone, a person lists the name, address, date of birth and social security number of everyone in their family. This personal identifying information (PII) is a gold mine for someone looking to steal your identity.
Now that Americans are able to file their taxes online and get tax forms online, fake tax websites are popping up. The IRS issued a warning in October 2012 called, “Don’t Fall for Phony IRS Websites” that describes websites that mimic the IRS. The official IRS website is simple to remember: www.irs.gov. Be sure to check that you are on the official site before doing any online transactions.
Be informed this tax season to keep from becoming a victim of cyber tax scams.
Today’s Quick Tips: (These tips come from the MSISAC.org newsletter archive)
Learn to recognize a tax scam
According to the IRS, below are the key ways to recognize an email tax scam. The email:
To stay safer this tax season, follow these five steps:
Secure your computer. Make sure your computer has the latest security updates installed. Check that your anti-virus and anti-spyware software are running properly and are receiving automatic updates from the vendor. If you haven't already done so, install and enable a firewall.
Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires caution. Know the site. Know the company. Do not visit a site by clicking on a link sent in an email, found on someone's blog, or on an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.
Don't fall prey to email, web, or social networking scams. Common scams tout tax rebates, offer great deals on tax preparation or offer a free tax calculator tool. If you did not solicit the information, it's likely a scam. If the email claims to be from the IRS, it's a scam -- the IRS will not contact you via email, text messaging or your social network, nor does it advertise on websites. If the email appears to be from your employer, bank, broker, etc. claiming there is an issue with what they reported for you and you need to verify some information, it might be a scam. Do not respond to the email. Contact the entity directly before responding.
Never send sensitive information in an email. It may be intercepted and read by criminals.
Use strong passwords. Passwords should have a minimum of nine characters and include upper case (capital letters), lowercase letters, numbers, and symbols. Make sure your work passwords are different from your personal passwords.
For additional information about tax related scams and identity theft, please visit:
Taxpayer Guide to Identity Theft: www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft
Tax Scams/Consumer Alerts: www.irs.gov/uac/Tax-Scams-Consumer-Alerts
IRS Releases the Dirty Dozen Tax Scams for 2012: www.irs.gov/uac/IRS-Releases-the-Dirty-Dozen-Tax-Scams-for-2012
Report Phishing: www.irs.gov/uac/Report-Phishing
To get more great information about staying safe online, including access to free monthly newsletters, webcasts and more, visit the Center for Internet Security at www.cisecurity.org. Stay tuned for our next chat!
Kristin Judge is the executive director of the Trusted Purchasing Alliance, a division of the Center for Internet Security. She can be reached at email@example.com.