According to the Online Trust Alliance’s 2016 report on Internal Revenue Service e-file sites, the IRS blocked over $8 billion in fraudulent tax returns in 2015. And between January 15 and February 15 of 2016, over 400 fraudulent tax-related domains were registered, meaning that a lot of users are likely to be scammed out of money before taxes are due.
Tax fraud is on the rise, and filing your taxes online makes you a target. What can you do to make sure that you aren’t the victim of tax fraud this year?
How Does Tax Fraud Work?
Before we get into the details of staying safe, it’s good to understand exactly how criminals are looking to take advantage of your electronically filed tax information. One of the most common ways is by changing the bank account information on a tax return to redirect the tax refund to the scammer’s bank account. Once it’s there, it’s going to be really hard to get the IRS to send another one to you.
Another scam includes posing as a tax preparer to steal valuable personal information, which can then be used to access other accounts and steal or use money. The same information can often be gathered by an over-the-phone or email phishing scam in which the criminal pretends to be a member of the IRS. False tax preparers can also divert your tax return or require exorbitant fees while providing bad information.
There’s a wide variety of ways in which scammers are looking to take advantage of you this tax season, so make sure that you keep these basic tax fraud prevention tips in mind.
Make Sure You’re on an Encrypted Site
Every browser shows when you’re using an encrypted connection to a site, and it’s important to know what that sign is. Look for a padlock or another green symbol in the address bar and watch out for certificate warnings, as they could be a sign that a site has been compromised.
If you’re thinking about using an online e-file site and it doesn’t seem to be encrypted, don’t use it. That’s a basic measure of security that shouldn’t be missed, and any good tax website will know this.
It’s also a good idea to use extensions like HTTPS Everywhere to make sure that you’re going to get an encrypted connection to a site if there’s one available. And if you really want to be secure, use a virtual private network (VPN) to double-up on security.
Know How You’ll Be Contacted
This is a big one. In the United States, the IRS won’t call you or email you. They’ll only get in touch by mail. In other countries, this policy may be different, so make sure you know how your country’s tax service will get in touch. This will help you suss out phishing attempts like this one, which was sent to an MUO staffer:
There are all sorts of warning signs in this email besides the fact that Her Majesty’s Revenue & Customs (HMRC) aren’t likely to contact a taxpayer by email. For example, the recipient’s name isn’t used even once, only the email address. There are a few spelling errors, which seems rather uncharacteristic of HMRC. And there are a number of formatting irregularities.
If you were to be taken in, though, and click the “receive your refund” link, you’d be taken to this page:
It looks a bit like an HMRC site, but you’ll notice that there’s no padlock in the address bar, and the domain is www.garment8.com, which is definitely not affiliated with HMRC. Fortunately, Chrome warned me that this might be a malicious site and that it had been reported for phishing.
Ask about Security Measures
If you’re using a tax preparer instead of doing your own taxes, and your preparer asks you to share sensitive personal information, like your social security number, bank account information, or anything else that could be used in identity theft, ask why it’s needed and what measures are in place to protect it.
A preparer who knows what he’s doing will be able to answer these questions quickly and easily, while a scammer will probably be caught off-guard. Make sure that they’re using industry-standard methods of encryption and storage and that they delete that sort of information after a reasonable period of time.
Watch Out for Too-Good-to-Be-True Offers
A lot of people are frustrated by their taxes, desperate to reduce their tax burden, or totally confused by the whole process, and there are companies out there looking to take advantage of these feelings. Fraudsters (and even shady legitimate companies) will often tell you that they know of loopholes or special exemptions that you can claim to save thousands on your taxes.
And while there’s a possibility that you’ve missed some deduction or special exemption that could save you a lot of money, the chances are very low. It’s much more likely that you’re being fleeced. Figuring out your taxes is super complicated, but you’re going to have to pay — and the more you make, the more you pay (usually, anyway). So if it looks too good to be true, be very wary, as it probably is.
Be Careful on Free Public Wi-Fi
During tax season, cyber criminals are on high alert for people sending personally identifying information in many forms, including over unencrypted Wi-Fi networks. So if you’re at Starbucks or Costa, don’t do your taxes. There are a lot of reasons you should be careful on public Wi-Fi, and this time of year it’s especially dangerous.
Of course, sometimes you just need to get on the Internet in a public place, so you should be familiar with how to protect yourself. Using a VPN or SSH tunneling, for example, can help secure your browsing (though you probably still shouldn’t do your taxes). Remember that attackers could use your phone as a vector, as well, so use the same security measures when you connect your mobile to a Wi-Fi network.
Use Basic Security Sense
It’s not just fake tax preparer sites that you need to be aware of — as I mentioned, cyber criminals are on high alert during this time of year, so make sure that you’re following all of the basic tenets of personal security. Make sure your computer (even your desktop at home) has a password on it, and that your phone is protected by a code or pattern.
We tell you all the time about how important it is to have strong passwords, and this isn’t advice you should ignore, especially right now. Use a password manager (and protect it) to set up strong passwords for all of your important sites (and your unimportant ones, too, just to be sure).
Make sure your home network is secured, too, while you’re at it.
File Your Taxes Early
This is a tip that’s recommended by the IRS and the OTA, and it’s a really simple one. All you have to do is file your taxes as early as you can. Yes, it can be a huge pain to get everything figured out, but the less time that criminals have to ensnare you, the less likely you are to get caught by one of their schemes.
We’re getting close to tax day in the US, but it’s likely that it’s already passed in some other countries, or that you have several months yet. No matter when you’ll be filing taxes next, keep this tip in mind!
Taxes Are Difficult Enough
Taxes are complicated enough and take enough time already without having to worry about letting the tax authorities know that someone else filed under your name and stole your return, or that you were duped into claiming exemptions and deductions that you don’t really qualify for. Pay close attention this year to make sure you don’t become the victim of tax fraud to make sure it doesn’t get any more difficult!
Do you prepare your own taxes, or have someone else prepare them for you? Have you considered the security implications of your choice? What do you do to mitigate the chances of identity theft? Share your thoughts in the comments below!