Quick! File your taxes before a hacker does it for you

It's tax season! You might not want to put off filing your taxes this year. If you're not quick, you might find that someone else has already filed a fraudulent tax return in your name.

There are only a few things someone needs to file a tax return as you. Armed with your name, address, and Social Security number it's relatively easy to file a tax return in your name. The details beyond that don't matter too much, and the hacker can receive the refund dollars and have them spent before you even realize the fraudulent return was filed.

Here are four things you should do to guard against a fraudulent tax return being filed in your name, and to protect your credit and identity in general:

  • File your returns as early as possible. Tax season began on January 31st and runs through April 15th. In order to prevent someone else from filing under your name, submit your tax returns as soon as possible.
  • Watch out for phishing scams. If you receive an email or text message from the IRS asking for any personal information, do not reply nor click on any links. All correspondence originating from the IRS will be sent as a hard copy via snail mail and will never ask for such information over digital communications. Instead of replying, forward these messages to phishing@IRS.gov.
  • Monitor your credit report. It is recommended that you check your credit report for suspicious activity at least twice a year. Spotting signs of identity theft before tax season rolls around can prevent headaches later on.
  • Install comprehensive security software. Without the proper precautions set around your digital devices, cybercriminals may have access to your electronic tax forms, medical information, home lease, or other confidential documents that are intended for your eyes only. To keep your data and SSN out of the hands of fraudsters, install security software to protect your data and identity on all of your devices.

Gary Davis, chief consumer security evangelist for Intel Security, also suggests being vigilant about guarding your Social Security number in the first place. He urges consumers to exercise skepticism over which websites, companies, and corporations deserve access to your SSN. Davis says, "Do not provide it over the phone or via email, and leave it blank on forms when possible. If you have any doubts or feel uncomfortable providing it--always ask why the requesting party needs it or don't give it out."

How identity theft tax fraud could be thwarted

Thanks to massive data breaches like the recent compromise of Anthem, or the breach at Target, identity thieves have plenty of ammunition to work with. Hundreds of millions of names, addresses, and Social Security numbers that have been exposed. There's nothing you can really do about protecting that data once it's been exposed to attackers.

We need stronger controls in place to verify that the person filing the return is legitimate. "Too much information is already available about us based on our online identities; we need something better. Thankfully things like biometrics are becoming far easier to implement," explained Garve Hayes, solution architect with NetIQ.

Marc Maiffret, CTO of BeyondTrust, stressed that filing taxes should require two-factor authentication. "Such technology makes it where an attacker needs your username and password plus a randomly generated code from something like your smart phone. This is something supported by Google, Facebook, Microsoft and many other online services but has yet to be widely adopted by online financial institutions from banks to tax filing."

Until the IRS and tax filing services take steps to make the filing process more secure, anyone with your name, address, and Social Security number can potentially file a fraudulent return in your name. Make sure you file early and beat them to it.

Join the CSO newsletter!

Error: Please check your email address.

Tags Intel securityIRSsecurityIdentity fraud / theft

More about BeyondTrustFacebookGoogleHayesIntelIRSMicrosoftNetIQ

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts