Online tax season is rife with phishing scams as cybercriminals try to fool us into giving away our private information. Make sure you stick to the following 5 tips, before you file, to outsmart their antics:
Imposters might solicit information from you through email. Scam messages typically contain dire warnings or outrageously large promises for a refund.
The messages often are presented as if they originate from the IRS, HMRC, or the Social Security Administration but contain links leading to phishing Web pages (where your banking, credit card, and personal details are stolen), or malicious attached files instead.
It’s important to know that the IRS does not discuss tax information via email, nor does it ever send warnings, advice, or links to its website, or ask for information, through email.
Tip: If you receive such a message, don’t reply to the sender, don’t open any attachments, don’t email your personal information, and don’t click on any links in the message. If you are concerned about the contents of the message, go directly to your government tax agency’s website or speak to a representative at your local office.
When you enter keywords into search engines like Google, the search results you see first have been "Search Engine Optimized" (SEO) to be relevant to your search. The problem is, some online tax scammers have researched and predicted our top tax-related search keywords and trends in order to propel their malicious sites to the top of your search results, ahead of even legitimate tax sites—making them easy to trust and highly clickable.
This is dangerous because when you are directed from Google to one of these Black Hat SEO sites, as they are called, you can expose your personal and financial information to whatever traps they’ve set for you on their site. This is especially true for searches related to locating important tax documents.
Tip: Don’t use search engines to look for tax documents and tax information. Go directly to government sites to find tax forms and get your questions answered (these sites are usually indicated by ".gov" instead of ".com").
Also, you should always download the latest updates to Windows, as well as any non-Microsoft applications (such as Adobe Reader, Foxit Reader, or whatever application you use to read .PDF documents). These updates can help prevent infections that take advantage of security vulnerabilities in those products.
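The ".gov" check from the tip above only works if you look at the end of the host name a link really points to, not at whether "irs.gov" appears somewhere in it. The following is an added example, not part of the original article; `check_link`, `TRUSTED_SUFFIXES` and the sample links are constructed for illustration, and it assumes official sites use https and a ".gov" suffix.

```python
from urllib.parse import urlsplit

# Assumption for this example: official sites end in ".gov", as the tip says.
# Other countries use other suffixes, so adjust the tuple for your agency.
TRUSTED_SUFFIXES = (".gov",)

def check_link(url):
    """Return (trusted, reason) for the host a browser would really contact."""
    # Browsers read "\" as "/" in web URLs but urlsplit does not, so a
    # backslash can make the two disagree about the host. Refuse it.
    if "\\" in url:
        return False, "contains a backslash"
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and ":port" suffix
    except ValueError:
        return False, "not a parseable URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host"
    host = host.rstrip(".").lower()
    # Compare the END of the host: "irs.gov.example" is under "example".
    if host.endswith(TRUSTED_SUFFIXES):
        return True, host
    return False, "host is " + host

# Constructed sample links (not taken from any real message).
SAMPLES = [
    "https://www.irs.gov/forms",
    "https://www.irs.gov.refund-center.example/login",
    "https://www.irs.gov@203.0.113.7/refund",
    "https://irs-gov.example/",
    "http://www.irs.gov/",
    "https://refund.example\\@www.irs.gov/",
    "https://www.irs.g\u043ev/",  # Cyrillic "o" in place of the Latin "o"
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_link(link)
        print("OK  " if trusted else "STOP", link, "->", reason)
```

Only the first sample passes; the others each contain "irs.gov" or something that looks like it, but the host the browser would contact is not under ".gov" or the link is not https.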
Social networking sites like Facebook, which alone accounts for over 50% of shared content online, have become one of the biggest targets for online scammers in recent years. And "likejacking" is a good example of how those scammers are finding success.
Likejacking works like this: online scammers place a malicious link underneath the Facebook Like button on a third-party website. Once you click on that Like button, a link (typically to a video) will automatically appear in your News Feed on Facebook—without your knowledge—with a status message that relates to a popular topic, such as tax preparation during tax season.
When your friends and family click on the content they think you are sharing, they will be sent to a phishing or spam site that may use Facebook login credentials to steal personal information, download malicious content, or use their site visit as a method to increase site traffic and advertising revenue.
Tip: Make sure you a) go to your Facebook privacy settings to edit what content gets shared with apps, games, and websites; b) go to your Facebook account settings to make sure "secure browsing" is enabled; c) don’t choose a tax preparation service or pursue promises or tax refunds purely on the basis of a Facebook post; and d) ask your friends about suspicious links or videos to verify if the content is real.
If you’re using software to prepare your taxes, keep it safe. If the application offers password protection, use it. Remember that browsers sometimes transmit information insecurely, and that a nefarious user can sniff that information if you use an open, unencrypted wireless Internet connection, whether you happen to be in public (such as in a coffee house), or in your living room.
If you plan to file your taxes online, or work with any website that holds your sensitive financial information, don’t use an open wireless connection to do it, and make sure to use a very strong password.
Tip: One trick to creating stronger passwords is to create a memorable sentence that includes a number, such as, "The Rockies will win the World Series in 2012." Then take the first letter of each word, and the number, to form your password: TRwwtWSi12.
Make sure to use some upper- and lower-case letters—and don’t use anything easily recognizable or guessable, like birth dates, your pets’ or kids’ names, license plates, phone numbers, or street addresses.
Perform a full scan of the computer with an up-to-date antivirus program before you file or research tax-related content online. Also do this before you log into your bank account or any other website that may hold your private financial data, including your online tax filing service.
After you file, erase the history of the sites you’ve visited, delete files that retain private information, and remove other data from your system with privacy software. If you file your taxes online, clear out the browser’s cache when you’ve finished, too. Webroot® SecureAnywhere™ products will help you do this.
Tip: We recommend collecting your forms and tax return documents and burning them to a CD or DVD, which you file in a folder somewhere, or backing them up securely online. Delete the tax record documents and returns from your computer’s hard drive (preferably using a utility that can perform a secure wipe of the data), and clear the browser’s cache using the browser’s own privacy settings.
Also, if you’re going to send files to your accountant (PDFs or Quicken records), encrypt the email attachments. Adobe Acrobat and Quicken both permit you to password-protect the data.