Written by Sander Van Hezik, Excerpts from Avast Software
Don’t Get Scammed This Tax Season
Filing your taxes online can make you a potential target for cybercriminals and their many niche, tax-related scams. Save yourself some stress by using the right tools and following tips on how to avoid scams this tax season.
Here are three examples of these scams and security risks, and how to avoid them when you file your taxes this year.
1. Ghost tax preparers
A ghost tax preparer is someone who will prepare your taxes but refuse to sign the return. By law, anyone who is paid to prepare or assists in preparing federal tax returns must sign and include their preparer’s tax identification number (PTIN). Instead, ghost tax preparers will print the return and get the taxpayer to sign and mail it, or they will refuse to digitally sign e-filed returns, often because they don’t want to be responsible for the consequences. This unethical practice exposes you to a frightening array of problems. And should those problems lead to an audit, the ghost tax preparer is long gone, leaving you, the taxpayer, to brave it on your own.
How to avoid being scammed
It’s important to remember that ultimately you are responsible for all the information on your tax return, no matter who prepares it. So, make sure you choose your preparer wisely.
- Do – Check the preparer’s qualifications. You can search the IRS directory to find preparers with credentials and qualifications recognized by the IRS.
- Do – Review before signing. Always review the tax return before your tax preparer signs and files. If it checks out, make sure the preparer signs and includes their PTIN.
- Don’t – Never sign a blank return. If your tax preparer asks you to sign the return they’ve prepared, run for the hills. But first, report them to the IRS.
- Do – Use a trusted tax-preparation service to E-file. Filing your return electronically is the fastest way to get your refund if you have one due. To ensure that you get your tax filing done safely and securely, check out TurboTax. TurboTax provides a team of tax experts that are here to help you get your maximum tax refund.
- W-2 phishing scams
Phishing is a tactic that cybercriminals use to trick you into giving them your sensitive information — such as usernames, passwords, or credit card numbers — by impersonating a trustworthy and reputable company or individual.
In a W-2 phishing campaign, attackers pose as someone high up in a company or organization, like the CEO, executive, or school principal. They then send emails to employees asking for copies of W-2 forms, which include all the personal information you need to file a tax return. Many of these phishing emails start with a friendly greeting before getting to the request, putting employees at ease before asking for the forms.
How to avoid being scammed
Don’t respond to emails, calls, or texts asking for your information. Never send W-2 or other tax information electronically without first verifying with your boss in person or on the phone that they actually sent the request in the first place. While it might seem like a hassle, it’s worth it to spend a few minutes verifying than spend years trying to undo any damage.
- IRS phishing scams
In an IRS phishing attack, the recipient will typically receive an “urgent” email (or phone call) claiming to be from the IRS with instructions to follow a link and fill out a form. There are many tactics to entice the receiver to click, such as:
- The IRS needs you to update your online profile
- You qualify for a refund
- A notice that your credit card was fraudulently used, but you can recover some of the money
- You’re due a large sum of lottery money, tax refund, or inheritance
In both phishing cases, look out for generic greetings (instead of your name), poor grammar or typos, conflicting web addresses, and web addresses for known businesses that are slightly off.
How to avoid being scammed
Don’t click, download or reply. Don’t click on links in emails from the IRS. The real IRS doesn’t initiate contact with Americans via email, text, or social media. We can’t stress this enough – the IRS will NEVER email you regarding any amount owed, or due. They will almost always contact you via the U.S. Postal Service. Even then, it’s smart to compare any mail you’ve received to the forms listed on the IRS’s official website.
Do – Use software that has added protection against phishing scams. Secure Browser Anti-Phishing solution in the desktop browser is the first line of defense against malicious threats. It verifies that the website you’re visiting is legitimate and free from any malicious threats.
Update your software: Don’t ignore software updates. Make sure all your devices and the software on them are up-to-date and protected against threats. Software updates often contain “patches” that correct security holes the company has detected. As a result, outdated software leaves you open to attack.
Use strong passwords: Keep your own security as tight as possible with strong passwords that are each unique to their own accounts. Additionally, use multi-factor authentication whenever possible. This combination of strong password and multi-factor authentication is like using a lock and a deadbolt: They’re effective on their own, but you’re much safer with both than with one.
Use a VPN on public Wi-Fi: Keep all your data as private as possible by using a virtual private network (VPN), especially if you’re connecting to a public Wi-Fi on your mobile device. A VPN encrypts all of your internet traffic, ensuring that no one (like thieves trying to steal your tax information) can see the personal information you’re sending online.
Make sure the website you’re visiting uses SSL (Secure Sockets Layer) encryption: The URL will begin with https, not http. That means the site is encrypted and secure.