Cybersecurity Best Practices for Taxpayers: How to Stay Safe
When it comes to cybercrime, nobody is safe. From government agencies to senior citizens, online scams surge around tax time to exploit human and digital vulnerabilities.
April is a busy month for law-abiding taxpayers and the individuals who help them file. It’s also the busiest month for criminals out to exploit the personal data and finances of millions of Americans. According to the Federal Trade Commission (FTC), scam attempts peak in the days between April 15 and April 21 and gradually tail off toward the end of the month.
The old approach of scam phone calls is still active, but now unsuspecting recipients can fall afoul of year-round emails ready to exploit their lack of awareness. These fake communications come loaded with misleading links and virus-packed attachments that do a lot more than hijack a web browser; they can make off completely with your identity.
The growing danger of cyberattacks on taxes
The IRS issued a warning ahead of the 2019 tax filing period, alerting the public to the huge increase in ever-more-sophisticated scams and highlighting how the holidays are just as likely a time for criminals to strike as April.
Incidents were up 60 percent from the previous year, as phishing scams stole Social Security numbers, bank details and more. The troubling and simultaneously comforting fact is that the public is the only real line of defense against phishing scams—the more we know, the less effective these slippery attacks will be.
It’s not just the public who is being attacked. The IRS itself has been operating with an outdated and overwhelmed cyber framework for years, an issue it vowed to correct in a statement released in April. Page 30 of the full IRS Integrated Modernization Business Plan details the cybersecurity steps they’re taking (as does this shorter IRS factsheet).
Even so, it will take six years to fully roll out and protect the IRS from the 1.4 billion cyberattacks the agency is subjected to every year. What can taxpayers do to be safer in the meantime?
Taxpayers should take these steps
It bears repeating that cyber criminals hunt for targets year-round, not just during holidays and filing time. Everyone should be aware of the hallmarks of fraudulent communications:
- Beware of tax-related emails which claim to come from legitimate sources like the IRS, business partners, or even friends and family. Cybersecurity experts and the IRS recommend a healthy dose of distrust, no matter who the sender seems to be. A legitimate party could have had their account compromised without their knowledge and it’s now under the control of a scammer.
- There are usually links and attachments connected to emails that, if followed or opened, will take personal data or infect a device with malicious software that will steal that data. Never click on either of these.
- These emails are typically overly insistent and even threatening in nature, designed to play on people’s fear of punishment by demanding information or contact.
- Broken English is another giveaway, but this is a flaw that’s gradually disappearing.
Assuming that a tax payer avoids this particular danger, they’re still taking a huge risk by not operating with security protection like anti-malware/anti-virus software, a strong password, and multi-factor authentication on their accounts and devices. These should be applied wherever possible when dealing with tax-related matters and also to anything related to personal/business finances.
Likewise, the same strict standards should apply to an individual’s entire online life. Never provide personally identifying information or financial data to any website that isn’t trusted or fully security encrypted—at minimum, look for the https prefix (vs. http) on any website address in your browser. It’s a short step from purchasing groceries online to finding your entire identity has been stolen and exploited.
Some cyber criminals aren’t looking to download data; they simply want to destroy it. We recommend that businesses and individuals always back up their tax documents on a secondary, removable or cloud drive to provide a further security layer.
One of the most important pieces of advice we can offer is to thoroughly check the credentials of the tax professionals you’ve chosen to work with. Scammers go so far as to pretend to be established tax agencies offering a helping hand, when they’ve only appeared in time to steal details and exploit them. Worse, some established agencies or their representatives may operate to defraud their clients of funds.
One last tip is a perennial piece of advice from tax pros—file your taxes early. This increases security because the IRS only accepts one tax return per Social Security number, meaning that if the real taxpayer files first, any subsequent attempt by a cybercriminal using stolen details will be rendered impossible.
The bottom line is to stay vigilant, question every tax-related communication, and protect all online activity with the proper cybersecurity measures.
Who should taxpayers tell if they suspect a scam?
Inform the IRS if any digital communications seem suspect—it never hurts to be cautious. If you’ve received a demand for an outstanding amount and aren’t sure if it’s legitimate, then there are two ways to verify without complying with a suspicious request: individuals can view their personal IRS account, and businesses or their designated third party can receive a free transcript of their account on request.
The Federal Trade Commission can and should be contacted via the Complaint Assistant. For further information on crime prevention, businesses can benefit from the National Institute of Standards and Technology’s handbook for data security.
Stay safe out there!
Provident CPA and Business Advisors offer a wide range of services in taxes, accounting, and beyond. Our core focus is to help professionals achieve financial freedom and build a better business. Get in touch today to start strengthening your finances.