You have an extra three days to file this year, but the April 18 tax deadline is fast approaching. Tax season can be stressful, or exciting depending on who owes who. Either way, the anxiety over income tax season helps attackers catch people off guard with spoofed IRS messages and other income tax related scams.
Fred Touchette, senior security analyst for AppRiver, put together some tips to help you make sure you avoid tax season malware and phishing attacks, and keep your income tax refund in your pocket where it belongs. Here are ten things you should keep in mind this tax season:
1. IRS Will Not Email You. Honestly, for most tax season threats you can stop right there. If you understand that the IRS will not contact you by email to let you know that you have a larger refund, or that you owe more money, then you can simply ignore 99 percent of the tax scams out there.
2. IRS Will Not Ask For Your Bank / Credit Card Info. If you forget the first tip, then this one should cover the remaining bases and protect your from tax season scams. Even if you actually owe more money, the IRS will never ask you to hand over your bank account PIN or credit card number.
3. Don't Click Links or Open Attachments in Unsolicited Emails. This is a security best practice for any occasion, and is a mantra of security experts everywhere. Most email-borne malware and phishing attacks can be avoided if you just remember not to click on any link, or open any file attachment on an unsolicited email.
4. Never Conduct Sensitive Transactions Over Public Networks. It is convenient to be able to jump online in a library or hotel lobby, or connect using the free public Wi-Fi at your neighborhood Starbucks or McDonald's, but don't conduct sensitive business on those networks. Networks that are shared publicly expose your data and traffic to interception and exploit.
5. Always Log Out of Sites. It is habit for many people to "end" a Web session by clicking the "X" to shut down the browser window. But, even after the browser is closed, your session with your bank or credit card company is probably still live for some period of time before it times out. To be sure nobody else can jump on and hijack your session, you should actually log out of accounts before you shut the browser.
6. Don't Share a PC With Your Kids. You might be smart enough not to fall for clever scams and phishing attacks, but are your kids? If you share a PC with your kids, they may just become the weakest link for protecting your data, and inadvertently expose your PC to increased risk. If you do share a PC, at least log in using different user accounts, and keep your sensitive data protected so that other user accounts can't access it.
7. Conduct Secure Transactions--Look for the Padlock. When you do log in to a bank, or credit card, or other sensitive site, it should be an encrypted HTTPS session to prevent the traffic from being intercepted. Look for your browser address bar to be green, or look for the little padlock icon to indicate that your browser session is secure.
8. Use Strong Passwords. Enough said.
9. Protect the PC. Use the tools available to you, such as antimalware, anti-spam, and other software to detect and filter out threats. These defenses won't catch everything, but they can help identify and block many tax season threats.
10. If It's Too Good To Be True, It's Not True. What are the odds that the IRS has reviewed your return and determined that you are owed more money? Pretty slim. Rather than getting excited about the prospect of more money coming your way, go with that gut reaction and assume it's a scam.