Tips for filing your taxes safely and securely
The time of the year that we know and love has rolled around again — it’s tax season. In addition to the headaches that come along with filing one’s taxes, there are a number of security risks that some taxpayers might not be aware of.
The truth is that the materials and processes required for filing taxes are opportune for cybercriminals, as they leave room distributing niche, tax-related scams. Here are three examples of these scams and security risks, plus ways to avoid them while you file your taxes this year.
A ghost tax preparer is someone who will prepare your taxes, but refuse to sign the return. By law, anyone who is paid to prepare or assists in preparing federal tax returns must sign and include their preparer’s tax identification number (PTIN). Instead, ghost tax preparers will print the return and get the taxpayer to sign and mail it, or they will refuse to digitally sign e-filed returns, often because they don’t want to be responsible for the consequences. This unethical practice exposes you to a frightening array of problems. And should those problems lead to an audit, the ghost tax preparer is long gone, leaving you, the taxpayer, to brave it on your own.
It’s important to remember that ultimately you are responsible for all the information on your tax return, no matter who prepares it. So make sure you choose your preparer wisely.
Phishing is a tactic cyber criminals use to trick you into giving them your sensitive information — such as usernames, passwords or credit card numbers — by impersonating a trustworthy and reputable company or individual.
In a W-2 phishing campaign, attackers pose as someone high up in a company or organization, like the CEO, executive, or school principal. They then send emails to employees asking for copies of W-2 forms, which include all the personal information you need to file a tax return. Many of these phishing emails start with a friendly greeting before getting to the request, putting employees at ease before asking for the forms.
Don’t respond to emails, calls, or texts asking for your information. If you work for a company, never send W-2 or other tax information electronically without first verifying with your boss in person or on the phone that they actually sent the request in the first place. While it might seem like more of a hassle, it’s worth taking the extra precaution, as the likelihood of this type of attack increases during tax season.3. IRS phishing scams
In an IRS phishing attack, the recipient will typically receive an “urgent” email claiming to be from the IRS with instructions to follow a link and fill out a form. There are many tactics to entice the receiver to click, such as:
In both phishing cases, look out for generic greetings (instead of your name), poor grammar or typos, conflicting web addresses, and web addresses for known businesses that are slightly off.
Don’t click, download or reply. As a rule of thumb, don’t click on links in emails from the IRS. That’s because the real IRS doesn’t initiate contact with Americans via email, text, or social media.
Avast Secure Browser’s Anti-Phishing solution in the desktop browser is the first line of defense against malicious threats when browsing the internet. Our new technology outperforms other anti-phishing modules in other browsers.
This new technology leverages Avast’s best-in-class threat detection by keeping you safe by preventing access to phishing and other malicious webpages as well as downloads. We make sure that the visited website is not malicious and check if it's legitimate. On top of that, you can open Bank Mode to ensure you have even a safer connection as it will make a virtual desktop to protect you against injection of malicious scripts, keystroke logging, and screenshot attempts by third-party apps.
Further reading: A tale of two phishes: coronavirus safety and W-9 forms
Use a VPN on public Wi-Fi: Keep all your data as private as possible by using a virtual private network (VPN), like the one built into Avast Secure Browser, especially if you’re connecting to a public Wi-Fi on your mobile device. A VPN encrypts all of your internet traffic, ensuring that no one (like thieves trying to steal your tax information) can see the personal information you’re sending online. Want to use a VPN on more than just your mobile browser? Avast SecureLine VPN is your solution!
Make sure the website you’re visiting uses SSL (Secure Sockets Layer) encryption: The URL will begin with https, not http. That means the site is encrypted and secure.
Update your software: Don’t ignore software updates. Make sure all your devices and the software on them are up-to-date and protected against threats. Software updates often contain “patches” that correct security holes the company has detected. As a result, outdated software leaves you open to attack.
Use strong passwords: Keep your own security as tight as possible with strong passwords that are each unique to their own accounts. Additionally, use multi-factor authentication whenever possible. This combination of strong password and multi-factor authentication is like using a lock and a deadbolt: They’re effective on their own, but you’re much safer with both than with one.
Try searching your name and address in your favorite search engine. You’ll see pretty quickly just how much information is out there that you never consented to making public.
Here's how you can manage the information and data you’ve shared on devices and online.