News
News
4/6/2007
08:16 AM
Connect Directly
RSS
E-Mail
50%
50%

10 Tips To Survive Online Tax Hacker And Phishing Attacks

As tax season moves into high gear, so do the phishers who are preying on people filing their tax returns. Here are tips on how to keep your money safe.

As tax season moves into high gear, an increasing number of people are filing their returns online, giving hackers and phishers the perfect opportunity to steal users' identities and every cent they have.

The Internal Revenue Service reported that 73 million tax returns were filed online in 2006, up 6.9% from 2005. Twenty million Americans filed their returns from home computers. This year the IRS is expecting a 6.9% increase in electronic filing and the agency also is expecting more e-file returns to be sent in from home.

Now, add to that the fact that security company Webroot Software Inc. reported that last year there was a 260% increase in system monitoring, largely via keystroke loggers and spyware. And much of that activity came specifically at tax time, said Mike Irwin, chief operating officer, in an interview with InformationWeek.

"There's a lot of nefarious activity that goes on throughout the year but there are certain times when that activity peaks, and tax season is one of those times," said Irwin. "If people are doing taxes on their computers, a hacker installing a keystroke logger or a backdoor could steal identities and access personal accounts pretty easily."

Paul Henry, a VP with Secure Computing, said in an interview that he recently saw his first phishing scam e-email hit his inbox this season. The scam is a familiar one, he noted. It purportedly was the IRS offering to send his refund directly to his credit card account.

To make matters worse, Henry said the phishing attacks won't just last for the week and a half. They'll probably last well into June, as phishers try to trick people by pretending to send e-mail notices from the IRS saying there's a problem with their filing and they need to send them information immediately or face steep penalties.

"Typically the phishing attacks start mid-March, but they're a little late this year," said Henry. "We think this is going to be a bigger problem this year. We're seeing 250,000 to 300,000 botnets created a day. You can sit there and watch new botnets created around the globe. We're seeing more sophistication with do-it-yourself phishing kits. What is all means is there's a target-rich environment out there and the phishers are more prepared to take advantage of it than ever before."

Henry and Irwin both said if users want to file their returns safely and not be taken to the cleaners, people need to be aware of the scams attackers will use to fool them, while also securing their computers.

Here are 10 tips they said users need to keep in mind:

  • Don't visit any tax-tip sites that aren't with the IRS or linked directly from the official IRS site. Also, double-check the URL to make sure the site that appears to be an IRS site actually is;

  • Remember that the IRS doesn't send out reminder e-mails. If someone e-mails you about filing your taxes, a problem with your return or otherwise portrays themselves as the IRS, it's not;

  • Make sure you have security software on your computer and make sure it's up to date;

  • Make sure your operating system and other applications are well-patched;

  • There are significant differences between anti-spyware and antivirus applications, so make sure you're running both;

  • Use encryption software and make sure any sensitive files are always encrypted;

  • Treat all e-mail with a high degree of suspicion;

  • Never ever click on links inside e-mails;

  • If you receive any kind of notification -- e-mail or snail mail -- purporting to be from the IRS, pick up the phone and call them directly;

  • Periodically, check your credit report to make sure nothing looks amiss.

    The IRS set up this link to give people information on how to protect themselves from phishers. The agency also advises people to e-mail it at phishing@irs.gov if they have received an e-mail claiming to be from the IRS.

    Comment  | 
    Print  | 
    More Insights
  • The Business of Going Digital
    The Business of Going Digital
    Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
    Register for InformationWeek Newsletters
    White Papers
    Current Issue
    InformationWeek Tech Digest - July10, 2014
    When selecting servers to support analytics, consider data center capacity, storage, and computational intensity.
    Flash Poll
    Video
    Slideshows
    Twitter Feed
    InformationWeek Radio
    Archived InformationWeek Radio
    Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.
    Live Streaming Video
    Everything You've Been Told About Mobility Is Wrong
    Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.