The April 15 tax deadline is quickly approaching, and many New Yorkers are still preparing to file their state and federal income taxes. A massive amount of personally identifiable information (PII) is exchanged during tax preparation season, leaving taxpayers vulnerable to data and identity theft. Americans are stressed and pressed for time as this deadline draws closer and may not always follow best practices when filing their taxes.
Cybercriminals can take advantage of even a brief lapse in judgement. Bad actors can employ several different methods to steal data through tax returns. They often pose as legitimate organizations, such as the Internal Revenue Service (IRS) or financial institutions, in an attempt to defraud taxpayers. Phishing emails, malware and fake websites are also common tools used to gain access to PII.
Once criminals have access to this data, they can commit identity theft and even file fraudulent tax returns, with devastating financial consequences for the victim. According to the Treasury Inspector General for Tax Administration, in 2023, over 1.1 million tax returns were flagged as potentially fraudulent, with accumulative refunds in these returns totaling over $6 billion.
Luckily, with a few simple precautions, it’s easy to file taxes safely and protect your data.
- File your taxes as early as possible. Tax identity theft occurs when a scammer that has obtained a victim’s Social Security number (SSN) uses it to file a fake tax return in their name and collect their refund. The target may not discover the fraud until they try to file your real tax return, which the IRS will reject as a ‘duplicate’ filing. The IRS will only accept one return per SSN, so file as soon as possible to close that window of opportunity and stop scammers in their tracks.
- Use a secure, reputable tax software or preparer: Thoroughly research and choose a trustworthy, popular e-file software provider that offers robust security measures. A list of e-file software can be found on the NYS Department of Taxation and Finance website. Working with a professional tax preparer or accountant is possibly the best way to avoid audits and maximize your refund, but this method also comes with risks. Consider your choice of preparer/preparation company carefully, as they will have access to large amount of your personal information, and verify how they plan on protecting your information. Ask them the following questions:
How will we exchange files and sensitive information??
Who at your firm will have access to my data??
Are our communications end-to-end encrypted??
What types of network security have you implemented?
How do you back up client data?
- Use an IRS Identity Protection PIN (IP PIN). You can obtain a special Identity Protection Personal Identification Number (IP PIN) to secure your online tax information. An IP PIN is a six-digit number unique to you, that prevents a scammer from filing a tax return using your SSN.
- File using a secure internet connection. Avoid filing taxes using public Wi-Fi networks, as they are often unsecured and vulnerable to cyberattacks. Criminals often scan popular public Wi-Fi networks to steal sensitive data. To minimize the risk of your data being intercepted, always use a secure, password-protected internet connection at home to file your taxes and check any financial accounts.
- Enable multifactor authentication. Protect your online accounts by enabling multifactor authentication (MFA) wherever possible. This additional layer of security helps prevent unauthorized access to your accounts, even if your login credentials wind up in the wrong hands.
- Beware of and report phishing attempts. Imposters posing as IRS agents can claim you owe taxes and demand you pay immediately by gift card or prepaid debit card. These requests will appear to be urgent, with punishment being imminent if demands are not met. Taxpayers will never receive an unsolicited email, text message, or social media message from the IRS requesting personal or financial information. This includes requests for personal ID numbers (PINs), passwords, or similar access information for credit cards, banks, or other financial accounts. The IRS will always send any necessary communications via a letter sent by physical mail through the United States Postal Service. Any communication can be confirmed by calling the IRS directly at 800-829-1040. Fraudulent communications can and should be reported:
- If you receive a suspicious email claiming to be from the IRS, do not reply or click on attachments and/or links. Forward the email as-is to [email protected] and delete the original email.
- If you receive a suspicious text message related to your tax return, do not reply or click on attachments and/or links. Forward the text to 202-552-1226 (standard texting rates apply), and delete the original message. If you already clicked on links in the text message and entered confidential information, visit the IRS's identity theft guide for resources.
- If you find a website that claims to represent the IRS and suspect it is fraudulent, send the URL of the suspicious site to [email protected] with subject line, "Suspicious website."
- If you are a victim of any of the above scams involving IRS impersonation, please report to [email protected], and file a report with the Federal Trade Commission and the police.
During tax season, and throughout the year, prioritizing cyber hygiene is crucial to safeguard your personal and financial information. By following these tips and staying vigilant against cyberthreats, you can file your taxes with confidence, knowing that your data is secure.
