Home
Cyber Risk Management

How To Avoid Cyber Attacks During a Particularly Risky Tax Season

Cybercriminals have always attempted to defraud taxpayers, but conditions have conspired to make this tax season particularly risky – from the tax issues surrounding COVID-19 payments to the increasing reliance on digital tax services. Taxpayers need to be aware of the cyberthreats they face and how to resist them.

May 3, 2021

Cybercriminals have always attempted to defraud taxpayers, but conditions have conspired to make this tax season particularly risky – from the tax issues surrounding COVID-19 payments to the increasing reliance on digital tax services. Taxpayers need to be aware of the cyber threats they face and how to resist them. This piece by Matt Lindley, COO and CISO at NINJIO would be especially valuable for your readers (in either the security or finance sections) as we approach this year’s extended tax deadline. 

Tax season is stressful enough for millions of Americans without the possibility that they could become victims of a tax-related cybercrime. But this is an ever-present threat – cybercriminals are constantly looking for attack vectors to exploit, and tax season presents countless opportunities to steal personal information and defraud their victims. This particular tax season presents a slew of unique risks. 

The IRS recently announcedOpens a new window that the deadline for federal income tax filing has been pushed to May 17, which gives cybercriminals an opening to contact taxpayers with false information about what they’re required to do. The continued COVID-19 pandemic presents another pretext for bad actors to issue fraudulent alerts and request sensitive information. Add to these circumstances the fact that the tax preparation process is more digitized than ever, and it’s clear that taxpayers have to be extra cognizant of security concerns this year. 

Education is the first step toward tax cybersecurity and avoiding human error, so let’s take a closer look at what taxpayers need to know. 

Learn More: How To Stop the Credential Theft Problem: A Comprehensive Approach

Tax Fraud Is a Major Cybersecurity Threat

Cybercriminals have long recognized that the tax system is one giant attack vector. Not only are huge sums of money digitally transferred to the government every year, but taxpayers are also susceptible to many forms of coercion and misleading information – especially during tax season. According to dataOpens a new window from the IRS, the agency prevented $24 billion in fraudulent refunds from being processed between 2015 and 2018 – a number that doesn’t include all the successful instances of fraud. 

These attacks aren’t just attempts to steal from the government – they can also have broader cybersecurity implications for victims. For example, even as the IRS successfully reduced the amount of fraudulent refunds that were being filed, it reported that tax-related identity theft actually increased. 

Tax documents contain a trove of sensitive information that cybercriminals want to access, from social security numbers to taxpayer identification numbers. Many cyberattacks target tax preparers to steal their credentials, which can then be used to generate fake W-2s and facilitate fraudulent wire transfers. 

While the IRS and financial services companies are trying to strengthen their systems to prevent breaches, taxpayers themselves are still the first line of defense against cyberattacks. As cybercriminals attempt to exploit shifting deadlines and other COVID-related tax developments, it will be all the more important for filers to know how to defend themselves. 

Learn More: 3 Ways AI Address the Human Error Problem Plaguing Organizations

Taxpayers Need To Be on Their Guard

Beyond the fact that cybercriminals are becoming more sophisticated and adaptable all the time, this tax season presents an especially long list of threats. Cyberattacks have been on the riseOpens a new window during the pandemic, as people are eager for information about shifting government policies, remote work opportunities, vaccine availability, and a range of other issues. This has led to an ever-expanding list of COVID-19 scams, such as fake government alerts, offers of remote work, and requests for charitable donations. 

The government has sent out several COVID-19 relief checks, and the IRS has issued warningsOpens a new window about how cybercriminals have been using these payments to defraud taxpayers and steal their identities. Many taxpayers who haven’t received one or more of their checks are eligible for the 2020 Recovery Rebate CreditOpens a new window – another attack vector for these scammers to leverage. 

According to the Government Accountability Office (GAO), around 90 percentOpens a new window of taxpayers file their taxes digitally – either on their own or through a paid preparer. One recent surveyOpens a new window found that the use of online versions of tax software steadily increased between 2016 and 2020. The digitization of tax services, coupled with the influx of cyberattacks in the COVID-19 era, should make all tax filers extra wary this tax season. This won’t just ensure that their taxes are handled securely – it will also prevent them from becoming victims of identity theft or some other cyberattack down the road. 

How Taxpayers Can Defend Themselves

No matter how many safeguards the government and financial services companies put into place, taxpayers will still be at risk if they don’t know how to identify scams. Here are the top red flags taxpayers should be looking for and strategies for staying safe this tax season: 

  • Coercive or threatening language in communications that are purported to be from the IRS or some other government agency should always be distrusted. Taxpayers should also be suspicious of demands for immediate action that are followed by a specific threat (i.e., if you don’t set up an account within 72 hours, you will face legal action). 
  • The government is neverOpens a new window going to demand payment through some specified channel, such as a wire transfer, a pre-loaded card, or through the creation of a new account. 
  • Always confirm the authenticity of email communications or phone calls by contacting the IRS or visiting its website directly. 
  • Never send sensitive information without confirming the identity of the recipient and using the official channels provided by the IRS. 
  • Always hover your cursor over links in email messages to ensure that they’re redirecting you to legitimate websites, and don’t click on suspicious links or attachments.
  • If you think you’ve been the victim of a cyberattack, contact the IRS, FBI, or local authorities immediately

While cybersecurity may not be top of mind as you prepare to file your taxes this year, taking steps to keep your personal information secure will prevent a chore from becoming a crisis. After all, nobody wants tax season to be even more frustrating and costly than it already is.

Let us know if you liked this article on LinkedInOpens a new window TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!

COVID-19 Cybersecurity
Take me to Community
Do you still have questions? Head over to the Spiceworks Community to find answers.

Recommended Reads

Top Tips to Stay Safe During Black Friday and Cyber Monday
Cyber Risk Management

Top Tips to Stay Safe During Black Friday and Cyber Monday

SMBs: Cybersecurity Is Everyone’s Responsibility
Cyber Risk Management

SMBs: Cybersecurity Is Everyone’s Responsibility

Cybersecurity Frameworks Explained
Cyber Risk Management

Cybersecurity Frameworks Explained

Why Transnational Cooperation Is Key in the Battle Against Cross-Border Cybercrime
Cyber Risk Management

Why Transnational Cooperation Is Key in the Battle Against Cross-Border Cybercrime

Safeguarding Elections from Cyberthreats
Cyber Risk Management

Safeguarding Elections from Cyberthreats

Fact or Fiction: Combatting Deepfakes During an Election Year
Cyber Risk Management

Fact or Fiction: Combatting Deepfakes During an Election Year