Tax season is a notoriously stressful time for both individuals and business owners. But while taxpayers are worrying about filling out the proper forms and coming up with all the necessary documentation, cybercriminals are lurking around the corner, waiting to steal sensitive personal data.
"There is never any shortage of tax-related phishing and malware email campaigns," said Troy Gill, a senior security analyst for security solutions provider AppRiver. "Messages come in a variety of flavors, often posing as legitimate correspondence from the IRS or popular tax preparation services such as TurboTax or H&R Block. Malware authors use all means possible to obtain financial reward, whether it means tricking users out of their tax refunds or infecting computers with malware."
William Pelgrin, president and CEO of the Center for Internet Security, agreed that identity theft for financial gain is especially prevalent during tax season. While phishing remains the most common method, other methods, like phone scams — in which scammers call taxpayers, claiming to represent the IRS — also continue to occur, he said.
Despite the widespread knowledge that tax fraud can and does occur, many taxpayers still don't take the proper steps to prevent scams. As tax season comes to a close, here are five ways you can guard yourself against cybercriminals and identity thieves.
1. Know the warning signs. There are a few major warning signs that an email might be a phishing scam, Pelgrin said. The typical indicators of a fraudulent email include requests for personal or financial information, an attached document or link claiming to discuss tax law changes, and threats of consequences for not responding, such as additional charges or blocked funds.
2. Have a solid Web security system in place. You may have an antivirus program installed on your computer, but relying on a single piece of software may not fully protect you from hackers. A multilayer security system is your best bet for guarding your personal information. [For a side-by-side comparison of the best antivirus software, visit our sister site Top Ten Reviews.]
"It's a good idea to have multiple layers of protection, including firewalls, Web filtering and antivirus protection with a good heuristic testing engine," Gill told Business News Daily. "Firewalls can be configured to filter out inherently dangerous services, exposing the protected network to fewer risks. It is essential to keep [all of your] software up-to-date, as the threats the software protects you from are ever-changing."
3. Never give out sensitive data via phone or email. If you receive an email or phone call from someone claiming to represent the IRS, and that person asks for your Social Security number or bank-account details, do not respond. Pelgrin noted that the IRS never contacts taxpayers directly via phone or email to ask for sensitive information, nor does any reputable financial institution.
4. Keep your systems up-to-date. Gill recommended that you always install the latest updates for your Internet browser and operating system. Both of these receive frequent updates, many of which include fixes for vulnerabilities that could be used in an attack against an innocent taxpayer.
5. Educate yourself (and your employees) about cyberrisks. Knowing the signs to look out for is the first step in helping you avoid becoming a tax-fraud victim. Taking the time to educate yourself and your team can go a long way in keeping your personal data safe.
"Make sure your employees are aware of the risks and know how to protect against them so that they do not put the company in jeopardy," Pelgrin advised. "This is especially important if you allow BYOD (bring your own device). Ensure that strong passwords are used to access company systems and devices."
Originally published on Business News Daily.