Howard Poston

View Original

Preparing for the Cyber Risks of Tax Season

With the beginning of 2021 comes the start of 2020 tax season as well. While some people may wait until the middle of April to prepare their tax returns, cybercriminals are already gearing up to start targeting this sensitive data. Securing your tax data requires an understanding of the potential threats and best practices for protecting it.

The Value of Tax Return Data

Tax returns provide a wealth of valuable information for a cybercriminal. Obviously, access to a tax return from a previous year makes it possible to perform tax fraud for the current year. However, tax returns also contain a wealth of other data that can be used for fraudulent purposes, such as:

  • Personal Data: A tax return contains your full name, address, social security number (SSN), and similar personal data. This information is enough to perform tax fraud or to open up a credit card or bank account.

  • Spouse and Dependents: As part of filing joint taxes or claiming dependents, it is necessary to provide similar data for them as well. This potentially exposes them to the same tax and financial fraud. Additionally, this information can be used for spear phishing attacks or to try to guess your login passwords for online accounts (which hopefully aren’t based on kids’ names, birthdays, etc….)

  • Financial Data: A tax return provides an in-depth look at your current financial status. This information could be used to inform ransomware attacks (how much are you able to pay in ransom?) or to help identify the banks that you use so that “you” can call after “forgetting” your password. Many of the answers to your security questions are also included in the return.

  • Charitable Donations: Your tax returns may include information regarding charitable donations that you have made this year. This information may be used to impersonate you when communicating and scamming a charity.

The information contained within a tax return is highly sensitive and can be misused in a number of different ways. It is vital to ensure that this data is properly protected against unauthorized access and exposure to cybercriminals.

How Cybercriminals Get Your Tax Returns

The data contained within a tax return is extremely valuable to a cybercriminal. For this reason, they are willing to put in the effort to steal it using a variety of different techniques:

  • Phishing Emails: Phishing is the most common type of cyberattack, and it works well for this type of scam. If a phisher impersonating the IRS, your bank, or a similar institution can convince you to hand over login credentials or a copy of your return, then the attacker has everything that they need.

  • Vishing: Voice phishing or “vishing” is phishing over the phone. The same techniques apply here as well (and over social media, in person, etc.). The attacker will pretend to be someone in authority and try to talk you into providing sensitive data.

  • Malware: Some forms of malware are specifically designed to search for and steal financial data from a computer. These malware can look for copies of tax returns on your computer and send the entire return or extracted high-value data to the attacker.

Anyone who contacts you and tries to get you to provide information about your tax return over the phone. Always verify the authenticity of a request by contacting the alleged requestor through official channels such as the email or phone number listed on an official site (like irs.gov).

Protecting Your Personal Data

Tax season is one of the times of highest activity for cybercriminals and scammers. To keep your data safe, take the following simple steps:

  • Watch Out for Scammers: Social engineering (including phishing, vishing, and more) is a common way to steal tax return data. Always verify requests before providing any information.

  • Use an Antivirus (AV): A malware infection can allow a cybercriminal to steal your personal data or cause other damage to your computer. Keep your AV up to date and run it regularly to help detect and remove malware from your computer.

  • Use a File Encryption Solution: Files stored unencrypted on your computer can be stolen by malware and other means. A file encryption solution like GhostVolt ensures that an attacker can’t use the data in your tax return even if they steal the file.