10 security tips to protect you during tax season

The April 18 tax deadline is approaching, so beware a surge in tax related scams and phishing attacks.

You have an extra three days to file this year, but the April 18 tax deadline is fast approaching. Tax season can be stressful, or exciting depending on who owes who. Either way, the anxiety over income tax season helps attackers catch people off guard with spoofed IRS messages and other income tax related scams.

Fred Touchette, senior security analyst for AppRiver, put together some tips to help you make sure you avoid tax season malware and phishing attacks, and keep your income tax refund in your pocket where it belongs. Here are ten things you should keep in mind this tax season:

1. IRS Will Not Email You. Honestly, for most tax season threats you can stop right there. If you understand that the IRS will not contact you by email to let you know that you have a larger refund, or that you owe more money, then you can simply ignore 99 percent of the tax scams out there.

2. IRS Will Not Ask For Your Bank / Credit Card Info. If you forget the first tip, then this one should cover the remaining bases and protect your from tax season scams. Even if you actually owe more money, the IRS will never ask you to hand over your bank account PIN or credit card number.

3. Don't Click Links or Open Attachments in Unsolicited Emails. This is a security best practice for any occasion, and is a mantra of security experts everywhere. Most email-borne malware and phishing attacks can be avoided if you just remember not to click on any link, or open any file attachment on an unsolicited email.

4. Never Conduct Sensitive Transactions Over Public Networks. It is convenient to be able to jump online in a library or hotel lobby, or connect using the free public Wi-Fi at your neighborhood Starbucks or McDonald's, but don't conduct sensitive business on those networks. Networks that are shared publicly expose your data and traffic to interception and exploit.

5. Always Log Out of Sites. It is habit for many people to "end" a Web session by clicking the "X" to shut down the browser window. But, even after the browser is closed, your session with your bank or credit card company is probably still live for some period of time before it times out. To be sure nobody else can jump on and hijack your session, you should actually log out of accounts before you shut the browser.

6. Don't Share a PC With Your Kids. You might be smart enough not to fall for clever scams and phishing attacks, but are your kids? If you share a PC with your kids, they may just become the weakest link for protecting your data, and inadvertently expose your PC to increased risk. If you do share a PC, at least log in using different user accounts, and keep your sensitive data protected so that other user accounts can't access it.

7. Conduct Secure Transactions -- Look for the Padlock. When you do log in to a bank, or credit card, or other sensitive site, it should be an encrypted HTTPS session to prevent the traffic from being intercepted. Look for your browser address bar to be green, or look for the little padlock icon to indicate that your browser session is secure.

8. Use Strong Passwords. Enough said.

9. Protect the PC. Use the tools available to you, such as antimalware, anti-spam, and other software to detect and filter out threats. These defenses won't catch everything, but they can help identify and block many tax season threats.

10. If It's Too Good To Be True, It's Not True. What are the odds that the IRS has reviewed your return and determined that you are owed more money? Pretty slim. Rather than getting excited about the prospect of more money coming your way, go with that gut reaction and assume it's a scam.

Join the CSO newsletter!

Error: Please check your email address.

Tags spamantispamapplicationstaxvirusessecuritysoftwarephishingFinancial / taxmalware

More about FredIRSIRSMcDonald'sStarbucks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts