Every year stories come out about some unscrupulous perpetrator who preys upon an unsuspecting victim worried about paying his taxes. The IRS and other agencies provide warnings, but someone always gets caught up in the hysteria and has their money or identity stolen.
Tyler Moffitt, senior threat research analyst at Webroot, provides the following tips for staying secure this tax season.
[ MORE SCAMS: The worst of the worst phishing scams ]
1. Do not send personal information over email: Be aware that the IRS will not contact you via email to request any personal or financial information. Do not click on any links or download attachments from emails claiming to be from the IRS. Government tax collection agencies never contact taxpayers by email to let them know they’ve received a refund. They already know where to send the money if you’ve chosen to e-file and electronically deposit your refund.
2. Beware of IRS-specific scams: Phishing attacks against taxpayers are very common. Scams can involve web pages that look like the IRS’ website and typically contain warnings or outrageously large promises for a refund. The messages often are presented as if they originate from a tax authority, but contain links leading to phishing sites or malicious attached files. If you receive a message from “the IRS” with an attached file, don’t open the attachment.
3. Avoid using search engines: Click on links that take you straight to the source. Poisoned search results may inadvertently lead you to dangerous sites. If you need tax-related information or need to download any forms, go directly to the official IRS website at www.irs.gov instead of using a search engine.
4. Update your software: Always download the latest updates to Windows, as well as any non-Microsoft applications (such as Adobe Reader, Foxit Reader or whatever application you use to read PDF documents). These updates can help prevent infections that take advantage of security vulnerabilities in those products.
5. Start with a clean machine: When it comes to preparing and collecting the information you need to file your taxes, you should always start the same way: perform a full scan of the computer with an up-to-date antivirus program. Do this before you log into your bank account or any other website that may hold your private financial data, including your online tax filing service, if you use one.
6. Practice good password hygiene: Make sure you use complex passwords and change them frequently. If you have trouble remembering your passwords, be sure to use a credible password manager. For added protection, leverage two-factor authentication like biometrics if your device supports it (e.g., a thumbprint) and then use a second method of authentication such as a long password. Make sure you don’t auto-save your login information and when you finish an online session, be sure to log out of any sites with sensitive account information, such as TurboTax or H&R Block.
7. Limit use of public Wi-Fi: If checking tax information in a public setting, avoid connecting to Wi-Fi hotspots and use your cellular network connection. Most hotspots and public Wi-Fi networks inherently lack adequate protection, leaving your mobile devices, tablets and personal computers at risk. On top of that, malicious users oftentimes will create networks or URLs similar to coffee shops, airports or similar venues. In most cases, you should turn off Wi-Fi and Bluetooth settings on devices if it’s not needed.
8. Consider your web browser options: We recommend that you use a browser other than Internet Explorer to file taxes. If you use Firefox, consider installing the NoScript, AdBlock Plus and the HTTPS Anywhere add-ons, which in combination can prevent online threats from causing infections.
9. Keep personal information off your hard drive: When you’ve finished filing your taxes, collect your forms and tax return documents and burn them to a CD or DVD. Delete the tax record documents and returns from your computer’s hard drive and clear the browser’s history using the browser’s own privacy settings.