Cyber Security Awareness During Tax Season
January 18, 2024
Cyber security awareness is essential in our day-to-day online activities. However, at this time of year, as tax season is about to begin, many tax filers and their tax firms (CPAs and other “tax professionals”) are likely transferring more sensitive personal information online than at any other time of the year.
With the widespread use of tax software and related document upload capabilities, hackers and bad actors can easily gain access to systems with weak security controls. The use of email between filer and tax professional is fertile ground for fraud.
According to the IRS, two-thirds of the phishing reported to phishing@irs.gov consists of Business Email Compromise (BEC) or Business Email Spoofing (BES). Impersonators of IRS agents, state tax agents, tax software companies or financial institutions offer various services or specialties in specific tax programs, or warn of incomplete filings and ask the email recipient to click on a link to provide the missing information. Other scenarios feature fraudsters posing as trusted organizations, or even as a friend (they spoof a sender from your sender list). The IRS says that taxpayers should remain vigilant to phishing scams and always reach out to a known contact source using a phone number or email that is independently known to be the accurate contact information. Taxpayers are warned not to trust links, phone numbers, or callers, whether contact is via email or phone, when it comes to tax matters.
The IRS also shares that tax professionals are falling victim to hacking and data breaches. Tax professionals are being spoofed by criminals posing as tax filers. Make sure your tax professional is up to date in their cyber protections, software (operating system, virus, and malware protection) and training. The IRS and its partners are assisting tax professionals with a quick start for them to develop a Written Information Security Plan (WISP). It is important for tax filers who use tax professionals to know that the Federal Trade Commission (FTC) requires all tax professionals to have a WISP.
Other tips to stay safe online not only during this time of the year, but throughout the year:
- Use a password manager and create strong passwords: Strong passwords are critical to protecting data and are one of the easiest steps to take towards cyber security. When creating strong passwords, avoid personal names, addresses, common phrases, sports team names, or a series of numbers. A password manager is best for creating strong passwords. Passwords that are easily remembered are easier for a cyber criminal’s password hacking software to decode. Characteristics that make a password hard to remember also make it hard to crack.
- Turn on multifactor authentication (MFA): You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked. Enable multifactor authentication on all your online accounts that offer it, especially email, social media, and financial accounts. MFA can take the form of randomized numeric codes delivered through an application on your mobile device or via text message, or a face or other biometric identification scan. Once MFA is enabled, it becomes more difficult for hackers to gain access to your accounts. MFA provides an additional layer of security on top of the username and password when logging into accounts and applications.
- Update software: Ensuring your software is up to date is the best way to make sure you have the latest security patches and updates on your devices and applications. Updates should be installed as soon as possible. Regularly check manually for updates on your laptop and phone if automatic updates are not available and keep operating systems, antivirus software, web browsers, and applications up to date. Software updates fix bugs or loopholes attackers can exploit to gain access to your data.
- Recognize phishing: Phishing emails, texts, and calls are the number one way data gets compromised. Be cautious of unsolicited emails, texts or calls asking for personal information. Avoid sharing sensitive information or credentials over the phone or by email unless necessary, and don’t click on links or open attachments sent from unknown sources. Verify the authenticity of requests by contacting the individual or organization through a trusted channel. It is important to learn to recognize the signs of phishing and to stop and think before acting on an email or other type of message, as this can go a long way towards keeping you safe from phishing scams.
- Extra step for personal data transfer: Only use secure portals or email to transfer personal information. Many tax professionals provide a secure file upload portal.
Cyber criminals are constantly coming up with new ways to steal your data, so it is important to try to stay one step ahead of them by using these preventative measures.