At this time of year, the number of tax scams reaches a peak, with fraudsters looking for any chance to cash in on consumers, the self-employed, and small businesses that might get excited enough about potential refunds to throw caution and good sense out the window.
Many people now do their taxes online, and cybercriminals see that as a huge opportunity to make money with phishing schemes. The IRS saw a 400% surge in phishing and malware incidents during the 2016 tax season, and that trend is likely to continue this year.
Take the recent W-2 e-mail scam, which sent victims requests for information about an employee W-2 form from a company’s payroll or human resources departments. At this time of year, a harried staffer might not think twice.
With cybercriminals always looking for monetary gain, it’s important for consumers and businesses alike to be aware of what to look out for. This includes:
- Phishing e-mails — These messages attempt to entice you into providing sensitive information by pretending to be a legitimate organization (e.g., the IRS).
- Phone calls — Smooth criminals try to trick people into giving out information over the phone. The information can then be used either to access an account directly or to send credible-looking phishing e-mails.
- Apps — A fraudulent app can access information without a user realizing anything has happened.
We recommend the following top tips to stay safe when managing your tax affairs this year:
1. Give yourself plenty of time to file your tax return to lessen the risk that you will respond in haste to a scam;
2. Don’t trust advice about how to get a refund unless it comes from a tax professional or source that you trust — if in doubt, always double-check;
3. Don’t assume a bank or government agency has access to your tax details. They will not have granular information about your tax return. Even if a communication looks legitimate, check over the details first and if in doubt, contact the apparent source of the information using publicly available contact information (not details from the communication you’re trying to verify);
4. If using a mobile app to file your tax return, do so over a secure connection and make sure you have mobile Internet security — and that it’s up to date. Also make sure you review permissions requested by any app before accepting them;
5. Do not click on attachments or links in messages that look suspicious or that you received from unknown people;
— Kaspersky (@kaspersky) November 21, 2016
6. Do not enter your credit card details on unfamiliar or suspicious sites, to lessen the risk of passing them on to cybercriminals. Fake sites can be made to look just like the legitimate site that they’re trying to spoof. It’s always best to type in a URL yourself, and always check that there’s a secure connection between you and the site — look for “https” at the start of the address bar;
7. Install a security solution on your device, with built-in technologies designed to prevent financial fraud. For example, the Safe Money feature in Kaspersky Lab solutions creates a secure environment for financial transactions.
The IRS gets enough of your hard-earned cash. Don’t let the rest of it go to cybercriminals.