The number of those filing taxes online has risen, but with that increase comes the risk of fraud and hacking.
In 2014, more than 27 million U.S. taxpayers filed their tax return from home computers, an increase of almost six percent from the year before. However, filing taxes online helps criminals file fraudulent tax refunds. In 2013, the Internal Revenue Service said potentially fraudulent tax refunds amounted to approximately $3.6 billion, down from $5.2 billion in 2010.
There is a risk of getting private information hacked by criminals, with even the IRS dealing with identity thieves. The IRS revealed in February 2016 criminals used malware in an attempt to create E-file pins with personal information, including social security numbers stolen outside the agency. Although no personal taxpayer information was compromised or disclosed by IRS systems, there were unauthorized attempts involving approximately 464,000 unique social security numbers, of which 101,000 of them were used to successfully access an E-file PIN.
Malware researcher Amanda Rousseau from cybersecurity firm Endgame points out to various ways criminals could take advantage of tax season to steal sensitive information, including through emails.
“Tax season email fraud has always been rampant for many years and the malware can range from botnets, backdoors, and spyware,” said Rousseau. “Malware payloads typically come in the form of an attachment to a targeted email. The idea is to get the user to download and open it.”
Rousseau, who has been named one of the top women in Internet Security, noted that ransomware has been around for many year but spiked over the last two years.
“Because ransomware is easy to reproduce, criminals find it easy to deploy and make money,” she said.
Here are some tips from Rousseau on how to protect yourself when filing taxes online:
- When visiting tax websites, ensure that the website is secure by the URL bar in your browser (i.e. the lock symbol to the left of "INTUIT"
- Be careful clicking on links in emails, hover over links and images before clicking to confirm it’s the right URL from a legit company
- Check the email header and confirm the sender with your company
- If the email has poor grammar and English it might be a fraud
- Disable macros when opening documents
- If you are to download attachments, run an AV scan on the object before executing or double-clicking.