Buzz
Filing your taxes from the comfort of your home is incredibly convenient. Whether you're using a tax preparer or one of the many online services, you barely need to speak on the phone anymore. Forget in-person meetings—just send your forms online, and your tax professional will handle everything else.
However, this convenience has also made taxpayers vulnerable to scammers who are looking to steal sensitive personal information being exchanged. According to a report by data security firm Proofpoint, which was featured by Threatpost.com, hackers are particularly targeting tax prep businesses this season, and your personal data could be at risk.
Scammers are using several different methods to try and steal personal data:
Scammers target small tax preparation businesses by sending deceptive emails that encourage the user to install malware. Once infected, the scammer takes control of the computer and alters the company’s website to mislead consumers who click on altered elements, furthering the attack.
Scammers impersonate trusted contacts, claiming they are sending an attachment you need to open. Clicking on it installs malicious software that gives the scammer control of your device.
Although you can't prevent everyone from falling for phishing scams, adopting a healthy level of skepticism can help protect your finances, not just during tax season but throughout the year.
“When people are informed about these tax scams, they feel more confident and empowered to hang up on the scammer or delete the suspicious email or text message, avoiding future trouble,” said Eric Kron, security awareness advocate at KnowBe4. “It’s like a magic trick: once you understand how the redirection works, spotting it becomes easy.”
Carefully Select Your Tax Preparer
The first step in safeguarding your information during tax season is thoroughly vetting your tax preparer.
“Once you’ve selected your tax professional, be sure to thoroughly vet them,” advised Patrick Hanzel, a CFP and advanced planning specialist at Policygenius. “Request their preparer tax identification number (PTIN), which is issued by the IRS to all tax preparers as proof of legitimacy. You may also want to inquire about other credentials, such as whether they are a Certified Public Accountant (CPA) or a tax attorney.”
When it comes time to send your documents, don't rely on email to keep them secure. “Use an encrypted file-sharing service when sending your tax forms to your tax professional—don’t just attach them to an email,” he advised.
Always use an encrypted file-sharing method to send tax documents—avoid simply attaching them to an email.
“A responsible tax preparer should always request that all documents be sent securely, no matter what online tools they are using,” explained Richard Bird, chief customer information officer at Ping Identity.
If your tax preparer seems to be cutting corners, that’s a major red flag. “‘If they suggest sending a document without using a secure file-sharing service, take it as a strong signal to find another preparer,” Bird said.
Bird also suggested exercising caution with any tax preparer who appears to be using the free version of software or online platforms to assist you. “Government audits have clearly demonstrated that ‘free’ tools associated with tax filing are significantly less secure than paid alternatives,” he said.
Don’t drop your email defenses
But what if you receive an email claiming to be about your taxes? Perhaps it’s from someone at your workplace saying they have the W-2 form you need. Or maybe your tax preparer sends an email asking you to review an attached document.
What should you watch for if you receive an email that raises suspicion?
Tim Sadler, cofounder and CEO of software company Tessian, provided this brief checklist to follow before opening any email attachments:
Verify the sender.
Do the names and email addresses match up? Does the agency or person appear legitimate? Scammers often exploit the fact that mobile email clients show only a display name instead of the full email address, and they may change the display name to someone the victim knows.
Look for mistakes.
Are there spelling errors? Is the grammar poor?
Take your time.
If you have doubts, contact the organization or agency directly to verify the sender. Avoid downloading attachments or clicking links unless you’re certain they’re safe.
Stay cautious.
Would you normally expect to receive an email on this topic from this sender? If not, question the legitimacy of the message.
If you receive a suspicious email, report it to the Federal Trade Commission. Let the person who supposedly sent you the message know too. A reliable tax preparer will appreciate being informed of any potential security issues they need to address immediately.
