In 2020, the IRS exposed $2.3 billion in tax fraud, ranging from identity theft to refund fraud. The agency also uncovered a number of cybercrimes involving false tax statements and other attempts to scam money from taxpayers and companies. The pandemic added new challenges, as the IRS discovered false claims filed for Covid-19 economic relief payments.
“Clearly, unscrupulous individuals sought to exploit the economic safeguards put in place to buttress a nation in crisis,” IRS Criminal Investigation Chief Jim Lee said in a formal statement.
Expect fraudsters, identity thieves, and other cybercriminals to be even busier this tax season, as more people will be relying on virtual tax assistance.
Tax season is phishing season
Tax season is prime time for phishing scams. There will be emails spoofing the IRS, state tax agencies, and tax preparers. Cybercriminals also use targeted spearphishing campaigns that look like they are coming from within the company. Emails that appear to be sent from the CFO, HR, or accounting offices that ask for verification of information on W2 documents or want users to download documents to fill out and return are more common than people realize. The end goal is to get sensitive data such as Social Security numbers, bank details, full names and addresses to be used for identity theft and fraud.
This year, you should be on alert for various types of potential fraud and sensitive data theft. Here is a checklist to use in order to keep tax data secure, both in the office, at home, and in transmission.
- Password protect everything. All tax documents and anything with personally identifiable information (PII) should be kept in databases and file folders that are protected with strong passwords. Even better, if available, use a second method of authentication, especially on a shared device or network.
- Never access tax documents or PII in public. In other words, don’t send anything sensitive via public WiFi connections and don’t work on documents at a table in a library or coffee shop.
- Verify every email regarding tax documents. If you are unsure if an email is real or phishing, contact the sender by phone or in a new email thread. Don’t ever hit reply because if it is spam, you are letting the phisher know you are a catch.
- Use security tools. All documents and sensitive emails should be encrypted. Devices should have updated and patched software and have security software such as anti-virus and firewalls.
- Work with accountants and tax-filing agencies who have a data security plan. Federal law requires that any company filing taxes on your behalf has a plan in place in case there is a data breach or other cybersecurity incident that puts data privacy at risk. Once the tax documents are turned over to the preparer, your data security is in their hands. Ask about their data security plan, and if they don’t have one, it’s time to hire someone who does.
- Have your own data security plan. Do you know what to do if you find out that your PII or tax information has been stolen? You will be able to react more efficiently if you have a plan in place on what to do and who to contact before you file.
- After tax season, shred any documents you no longer need. Also, clear out your cache files and history on your computer so there is no trace of sensitive information in temporary files.
Even though tax season comes around once a year for most of us, keeping tax information and PII secure is a year-round process. The more you use best security practices in protecting all of your information, the better you can outsmart the criminals who want to steal your identity and money.