Want to know what makes a cybercriminal drool? The short answer is your tax return.
It’s why filing early is the single most important thing you can probably do this year in terms of your taxes, experts say: You want to file before a bad guy files for you.
Last year broke records for data breaches, according to the 2017 Data Breach Year-End Review released by the Identity Theft Resource Center and CyberScout. There were 1,579 breaches in 2017, a 44.7 percent jump over the previous year. Even worse, the actual number of records included in these breaches grew by a dramatic 88 percent over 2016.
What you want to avoid is having an identity thief file a return in your name in an attempt to collect your refund. The IRS has software that flags duplicate returns, and if it already has your return on file and someone else submits a second one, it’s the fraudulent return that’ll get rejected. But if a criminal beats you to the punch, you’ll be left with a big mess on your hands.
“In this day and age when so many identifies are being stolen online, as individuals the best thing we can do is file our taxes as soon as possible so we don’t give criminals the chance to file fraudulent taxes under false information,” Emory Simmons, a security expert and owner of the tech firm CMIT Solutions, told HuffPost.
Simmons urges employers to double-check any requests for address changes, W-2 copies or anything else that comes through email related to an employee’s taxes. There’s also been a spike in phishing scams, targeting companies big and small, that ask for tax information, he said.
Here’s how to stay safe if you e-file.
Thankfully, filing electronically does not necessarily expose you to higher risk.
“The most important thing is to be sure you access the online tax filing service on a trusted, secure internet connection,” Simmons said. That means you don’t want to file your tax return on a public Wi-Fi connection, such as those servicing public libraries, coffee shops or computers in hotel business centers.
Once you get to the tax filing service website, check that there is an “s” in the “https” at the start of the web address. That “s” at the end means it’s Hypertext Transfer Protocol Secure and you are on a site with an extra layer of security on the data in transit. On a HTTP site ― one without the “s” ― the data being communicated between your browser and the website is sent in plain text. If someone intercepted the connection between the two, they could easily see the information you were viewing and sending. This is especially dangerous when users are filling out sensitive information, like a credit card number at a website’s shopping cart checkout.
When you navigate to your chosen tax service website in the first place, you should type the URL in yourself instead of using a search engine. This will reduce the chance that you click on a fraudulent website that was created to mimic a legitimate site. (If you e-file through the IRS itself, the correct website is https://www.irs.gov/filing/free-file-do-your-federal-taxes-for-free.)
But don’t forget these other precautions, too.
Never take a photo of any tax information, including a W-2 form. And definitely don’t email or text the information to anyone. If you use a professional tax preparer, ask how they protect their data. Find out how the information is stored, how their computers are protected and what type of multi-factor authentication they have in place to protect your sensitive information. Using a tax preparer means you are trusting that the computers and internet connections are secure.
If you’re physically mailing your return, never put it in an outgoing mail box that can be accessed by someone else, said Eva Velasquez, president and CEO of the Identity Theft Resource Center.
“Instead, mail it directly from the post office,” she said.
The biggest threat targeting employers and payroll service companies that produce and store your W-2 is phishing scams. Cybercriminals will send a fraudulent email to a company’s accounting or human resources department in hopes of tricking it into giving login credentials to access the payroll service profile. Avoid clicking on any links or attachments from unknown senders.
Accountants aren’t the only ones who have been gearing up for tax season.
“There is a huge community of international cybercriminal gangs that primarily focus on tax season,” Simmons said. And if they file your return first, you’ll be staring down a major headache.