By Mike Kronenberg
Getting ready to file your taxes online — and doing it at the last minute? Well, cyber-scammers are ready for you. Thieves are schemers, and they’ve got a bag full of tricks to steal your identity. You might even be doing things to make their job easier. And if you use a PC at work to do your return, identity theft could be as simple as a crook (or an unscrupulous coworker) digging around and finding sensitive files.
One might send you an e-mail that offers a quick refund — or a warning about a problem with your already-filed tax return. Maybe they’ll pitch you with an expert’s review of your tax return, or helpfully offer advice, asking for all the sensitive financial details you’d normally put on your return so they can “look up your account.”
Here are eight tips to stay one step ahead of these virtual pickpockets and protect yourself.
• Be Suspicious: Imposters might solicit information from you through e-mail — and the e-mail might look real. But the IRS will not contact you by means of e-mail. Nor do they send warnings, advice, links back to their Web site, or anything else through e-mail.
• Deceptive Direct Deposits: Tempted by an e-mail or Web site claiming to come from an accounting firm that asks if you want your tax refund for an already-filed return direct-deposited to your bank account? That’s a red flag: the IRS doesn’t request banking info (though some tax filing Web sites, like TaxAct Online, do ask for your bank account and routing numbers if you request a direct deposit of your refund). More likely, filling out a direct deposit form with some random company serves only to supply a crook with enough details to access — and clean out — your bank account.
• Click Through to Internal Revenue: If you receive an e-mail with a link that says it goes to the IRS’s site, have a chuckle — and then delete the message. That’s because identity thieves can (and frequently do) create deceptive links called redirects, which have a remarkably realistic, honest-to-goodness IRS appearance. Click it, and you’ll land on a site with an equally authentic-looking IRS or state government logo. These bogus sites make it easy to be fooled.
Just remember, the only spot to electronically file your return is through a direct link to the IRS or an established tax-prep company, such as Intuit, Taxact, or H&R Block which can e-file on your behalf. The safest way to get to the IRS site is to manually type http://www.irs.gov directly into your browser’s address field. Ditto for your state tax agency.
• Easy Refunds, Errors on Returns: You may see emails from companies purporting to facilitate a quick refund for you. Likewise, phishers may also target you in the weeks after April 15 with emails telling you the IRS noticed something wrong or missing in your return. In both cases, hit delete. Don’t open any zipped attachments or follow links that purport to lead to the IRS’ Web site
• File Protection: If you’re going to send files to your accountant — PDFs or Quicken records — encrypt the e-mail attachments. Adobe Acrobat and Quicken both permit you to password-protect the data. Do so, and remember, don’t include the password in the body of the same email message in which you send the documents. Webroot Internet Security Essentials Backup feature includes 2GB of free, secure online storage, which is a great place to back up those tax return PDFs and supporting documentation. You can also use your Backup account to securely share those sensitive financial documents with your accountant, or anyone else.
• Keep it Current: You heard it before, but it’s still good advice: Make sure your anti-spyware and antivirus software are up to date. And double-check to see if you have a firewall in place.
• Password Potency: If you’re using software to prepare your taxes, keep it safe. If the application offers password protection, use it. A trick I use to create a strong password is to think up a memorable sentence including a number, like, “The Rockies will win the World Series in 2010.” Then take the first letter of each word, and the number, to form your password: TRwwtWSi10.
Make sure to use some upper- and lower-case letters — and don’t use anything easily recognizable or guessable, like birth dates, your pets’ or kids’ names, license plates, phone numbers, or street addresses.
• Wipe It Clean: When you’re done, erase the history of the sites you’ve visited, delete files that retain private information, and remove other data from your system with privacy software. If you file your taxes online, clear out the browser’s cache when you’ve finished, too. Webroot Internet Security Essentials or Window Washer will do all of these things for you automatically.