3 security risks to beware of this tax season

Sander van Hezik 4 Feb 2022

Don’t Get Scammed This Tax Season | Avast Secure Browser

Filing your taxes online can make you a potential target for cybercriminals and their many niche, tax-related scams. Save yourself some stress by using the right tools and following our tips on how to avoid scams this tax season together with Avast Secure Browser.

Just how common are these scams?

Let’s let the data speak for itself.

  • 17,000 people have fallen victim to scams in May 2020 alone.
  • 1.5 billion attacks blocked on average each month.
  • 33 million phishing attacks and nearly 3 million unique phishing URLs blocked each month.
  • 4 million ransomware attacks blocked each month.
Here are three examples of these scams and security risks, and how to avoid them when you file your taxes this year.

1. Ghost tax preparers

A ghost tax preparer is someone who will prepare your taxes, but refuse to sign the return. By law, anyone who is paid to prepare or assists in preparing federal tax returns must sign and include their preparer’s tax identification number (PTIN). Instead, ghost tax preparers will print the return and get the taxpayer to sign and mail it, or they will refuse to digitally sign e-filed returns, often because they don’t want to be responsible for the consequences. This unethical practice exposes you to a frightening array of problems. And should those problems lead to an audit, the ghost tax preparer is long gone, leaving you, the taxpayer, to brave it on your own.

How to avoid being scammed

It’s important to remember that ultimately you are responsible for all the information on your tax return, no matter who prepares it. So make sure you choose your preparer wisely.

  • Do - Check the preparer’s qualifications. You can search the IRS directory to find preparers with credentials and qualifications recognized by the IRS.

  • Do - Review before signing. Always review the tax return before your tax preparer signs and files. If it checks out, make sure the preparer signs and includes their PTIN.
  • Don’t - Never sign a blank return. If your tax preparer asks you to sign the return they’ve prepared, run for the hills. But first, report them to the IRS.

  • Do - Use a trusted tax-preparation service to E-file. Filing your return electronically is the fastest way to get your refund if you have one due. To ensure that you get your tax filing done safely and securely, we recommend checking out TurboTax. TurboTax provides a team of tax experts that are here to help you get your maximum tax refund. If you’re on desktop, you can access TurboTax directly from the Avast Secure Browser New Tab page.

2. W-2 phishing scams

Phishing is a tactic cybercriminals use to trick you into giving them your sensitive information — such as usernames, passwords, or credit card numbers — by impersonating a trustworthy and reputable company or individual.

In a W-2 phishing campaign, attackers pose as someone high up in a company or organization, like the CEO, executive, or school principal. They then send emails to employees asking for copies of W-2 forms, which include all the personal information you need to file a tax return. Many of these phishing emails start with a friendly greeting before getting to the request, putting employees at ease before asking for the forms.

How to avoid being scammed

Don’t respond to emails, calls, or texts asking for your information. Never send W-2 or other tax information electronically without first verifying with your boss in person or on the phone that they actually sent the request in the first place. While it might seem like a hassle, it’s worth it to spend a few minutes verifying than spend years trying to undo any damage.

3. IRS phishing scams

In an IRS phishing attack, the recipient will typically receive an “urgent” email (or phone call) claiming to be from the IRS with instructions to follow a link and fill out a form. There are many tactics to entice the receiver to click, such as:

  • The IRS needs you to update your online profile
  • You qualify for a refund
  • A notice that your credit card was fraudulently used, but you can recover some of the money
  • You’re due a large sum of lottery money, tax refund, or inheritance

In both phishing cases, look out for generic greetings (instead of your name), poor grammar or typos, conflicting web addresses, and web addresses for known businesses that are slightly off.

How to avoid being scammed

Don’t click, download or reply. Don’t click on links in emails from the IRS. The real IRS doesn’t initiate contact with Americans via email, text, or social media. We can’t stress this enough – the IRS will NEVER email you regarding any amount owed, or due. They will almost always contact you via the U.S. Postal Service. Even then, it’s smart to compare any mail you’ve received to the forms listed on the IRS’s official website.

Do - Use software that has added protection against phishing scams. Avast Secure Browser’s Anti-Phishing solution in the desktop browser is the first line of defense against malicious threats. In 2020 alone, our technology successfully blocked 33,527,922 phishing attacks and 2,703,573 unique phishing URLs, significantly outperforming other browsers’ anti-phishing solutions.

This technology leverages Avast’s best-in-class threat detection – it’s designed to keep you safe by preventing access to phishing, malicious webpages, and downloads. It verifies that the website you’re visiting is legitimate and free from any malicious threats.

If you want to add another layer of protection, use the built-in Bank Mode to create a virtual desktop – protecting you from injection of malicious scripts, keystroke logging, and screenshot attempts by third-party apps.

Further reading: A tale of two phishes: coronavirus safety and W-9 forms

Bonus tips

Update your software: Don’t ignore software updates. Make sure all your devices and the software on them are up-to-date and protected against threats. Software updates often contain “patches” that correct security holes the company has detected. As a result, outdated software leaves you open to attack.

Use strong passwords: Keep your own security as tight as possible with strong passwords that are each unique to their own accounts. Additionally, use multi-factor authentication whenever possible. This combination of strong password and multi-factor authentication is like using a lock and a deadbolt: They’re effective on their own, but you’re much safer with both than with one.

Use a VPN on public Wi-Fi
: Keep all your data as private as possible by using a virtual private network (VPN), like the one built into Avast Secure Browserespecially if you’re connecting to a public Wi-Fi on your mobile device. A VPN encrypts all of your internet traffic, ensuring that no one (like thieves trying to steal your tax information) can see the personal information you’re sending online. Want to use a VPN on more than just your mobile browser? Avast SecureLine VPN is your solution!  

Make sure the website you’re visiting uses SSL (Secure Sockets Layer) encryption: The URL will begin with https, not http. That means the site is encrypted and secure.

Make sure the website you’re visiting uses SSL (Secure Sockets Layer) encryption: The URL will begin with https, not http. That means the site is encrypted and secure.

  • In May 2020 alone, 17,000 people are believed to have fallen victim to scams like the ones listed here.
  • On average, we blocked 1,524,909,287 attacks and 218,800,060 files each month in 2020.
  • 4,186,728 ransomware attacks blocked each month in 2020, on average.
  • Using our mobile threat intelligence platform, apklab.io, Avast has tracked and blocked more than 3,300 malicious apps to date.


--> -->