As far as cyber criminals are concerned, tax season means open season. This time of year is a favorite for phishing scams and fraud, second only to the holidays. With a little awareness and common sense, though, you can avoid being a victim and make sure your tax refund ends up in your pocket.
Fred Touchette, senior security analyst with AppRiver, shared some thoughts about common tax season threats and how to avoid them.
1. The IRS won’t email you
Cyber crooks and phishing scams often use email designed to look as if it came from the IRS. Don’t fall for it. The IRS will not initiate contact with taxpayers by email.
2. The IRS won’t ask for your PIN
You may receive solicitations by email, text message, or even an actual phone call claiming to be the IRS and requesting your PIN or credit card information. The IRS will never do this.
3. Beware links and attachments
This should be standard operating procedure. Never click on any links or open any attachments in emails from unfamiliar sources. In fact, think twice about clicking any from even known sources unless you know up front what it is.
4. Don’t use public hotspots
This is also sage advice any time of year. Limit public Wi-Fi hotspot use to inocuous activities like reading the news or checking the weather. Never use a public hotspot to log into accounts or access sensitive information because anyone else using the network could intercept your credentials or data.
5. Always log out
Make sure you log out of sensitive sites and services. If you don’t, another user may still have access to your information if they use that same computer after you.
6. No children allowed
Many attacks and phishing scams are targeted specifically at kid-oriented sites and services. Don’t use a PC that your children play on to file your taxes online because there is a higher likelihood that it may be compromised in some way.
7. Be skeptical
If it seems too good to be true, it is. Just delete suspicious messages. Viewing or opening them may expose you to exploits. If it’s legitimate or important, whoever sent it will contact you again.
8. Look for the padlock
Before you start entering a bunch of sensitive tax data, look for the padlock icon on your Web browser. It indicates that you’re using a secure, encrypted HTTPS connection rather than the standard HTTP.
9. Use strong, unique passwords
This is another evergreen tip. Make sure you choose passwords that are difficult to crack or guess, and use different passwords for each site or service to make sure a compromised password at one site doesn’t compromise all of your accounts.
10. Limit your exposure
One last piece of common sense advice: Use basic security tools to limit your exposure to threats and exploits. There will always be security concerns, but you can minimize your risk by using reliable security tools to monitor and block threats.