top of page

Stay Safe from Cybercrime This Tax Season

The only people who look forward to tax season may well be the cybercriminals who are trying to steal your personal information. Identity theft is the fastest growing crime in America [1], and the most common type of identity theft is tax-related, where criminals fraudulently use someone’s Social Security number and personal information to file an income tax return and reap the rewards of a ill-gotten tax refund [2]. In addition to the typical phishing schemes this time of year, fraudsters have gotten even more brazen by impersonating executives or payroll department employees to request W-2 forms where they then can then file false tax returns or sell on them on the Dark Web. According to the IRS Return Integrity Compliance Service, reports of W-2 phishing emails increased 870 percent from 2016 to 2017.

And it’s not just tax season. Someone’s identity is stolen every 2-3 seconds [3] with an average loss per incident of $4,930. [4] It takes an average of 600 hours to recover from identity theft [5]. These crimes are far reaching -- 17.6 million people experienced identity theft in 2014 [6].

Add to this the 2017 Equifax breach, where more than 145 million Americans’ names, addresses, birthdates, Social Security numbers and other sensitive information were stolen, it is clear that the cybercrime swindlers are waging a relentless assault to access your information. However, even with the growing prevalence of data breaches and fraud, there are still ways you can keep your information safe.


" ... reports of W-2 phishing emails increased 870 percent

from 2016 to 2017. "


Here are a few steps to help protect your data:

1. As a general rule, you should always be careful about giving your personal financial information over the internet or phone. Don’t take the bait! Be suspicious of any email or communications (including phone calls, text messages, social media posts, or ads) with urgent requests for your usernames, passwords, credit card numbers, Social Security numbers, date of birth or other personal information. Remember, the IRS almost always communicates by mail, so be wary of the now ever-present IRS Impersonation phone or email scam.

2. Use long and strong, unique passwords to access all of your accounts. Don't use the same passwords for multiple accounts, and keep them private, updating them often. A good rule of thumb is to change your password every 90 days. Where available, you can also request a security token or other, so-called "two-factor" authentication method when accessing your accounts.

3. Surf the web safely and only use wireless networks you trust and know are protected. Be aware that secure websites start with https, not http. Whether perusing the web or reviewing unsolicited emails, avoid clicking on suspicious links and don’t send personal financial information via email. Inspect the email addresses of suspicious emails, even if the name seems recognizable. When you do click on a link, hover over the URL of the website you are directed to and verify it is actually the company’s website you expected. If a link asks for your information, consider holding off. Instead, go to the website by entering the Web address directly into your browser or by searching for it in a search engine. Don’t hesitate to call the company to verify the legitimacy of the request.

4. Review your credit card, bank, cell phone and other financial statements as soon as they are available. Contact your financial institution immediately if you see anything suspicious.

5. Keep your equipment up to date. Install the most up-to-date antivirus and anti-spyware software on all devices that connect to the internet.

6. Finally, you can also consider using a credit monitoring services to proactively monitor your credit and prevent fraudulent attempts to use your information. While there are fees associated with such services, this can provide some peace of mind, and assistance, when and if you run into a problem.



[1] Trans Union Website, January 14, 2015

[2] Federal Trade Commission (FTC)


[4] U.S Department of Justice, Javelin Strategy & Research

[5] The Identity Theft Resource Center website, April 28, 2015

[6] Bureau of Justice Statistics

See Disclosures.

Sign up for our newsletter

Popular Posts
bottom of page