10 Tips To Survive Online Tax Hacker And Phishing Attacks - InformationWeek
08:16 AM

10 Tips To Survive Online Tax Hacker And Phishing Attacks

As tax season moves into high gear, so do the phishers who are preying on people filing their tax returns. Here are tips on how to keep your money safe.

As tax season moves into high gear, an increasing number of people are filing their returns online, giving hackers and phishers the perfect opportunity to steal users' identities and every cent they have.

The Internal Revenue Service reported that 73 million tax returns were filed online in 2006, up 6.9% from 2005. Twenty million Americans filed their returns from home computers. This year the IRS is expecting a 6.9% increase in electronic filing and the agency also is expecting more e-file returns to be sent in from home.

Now, add to that the fact that security company Webroot Software Inc. reported that last year there was a 260% increase in system monitoring, largely via keystroke loggers and spyware. And much of that activity came specifically at tax time, said Mike Irwin, chief operating officer, in an interview with InformationWeek.

"There's a lot of nefarious activity that goes on throughout the year but there are certain times when that activity peaks, and tax season is one of those times," said Irwin. "If people are doing taxes on their computers, a hacker installing a keystroke logger or a backdoor could steal identities and access personal accounts pretty easily."

Paul Henry, a VP with Secure Computing, said in an interview that he recently saw his first phishing scam e-email hit his inbox this season. The scam is a familiar one, he noted. It purportedly was the IRS offering to send his refund directly to his credit card account.

To make matters worse, Henry said the phishing attacks won't just last for the week and a half. They'll probably last well into June, as phishers try to trick people by pretending to send e-mail notices from the IRS saying there's a problem with their filing and they need to send them information immediately or face steep penalties.

"Typically the phishing attacks start mid-March, but they're a little late this year," said Henry. "We think this is going to be a bigger problem this year. We're seeing 250,000 to 300,000 botnets created a day. You can sit there and watch new botnets created around the globe. We're seeing more sophistication with do-it-yourself phishing kits. What is all means is there's a target-rich environment out there and the phishers are more prepared to take advantage of it than ever before."

Henry and Irwin both said if users want to file their returns safely and not be taken to the cleaners, people need to be aware of the scams attackers will use to fool them, while also securing their computers.

Here are 10 tips they said users need to keep in mind:

  • Don't visit any tax-tip sites that aren't with the IRS or linked directly from the official IRS site. Also, double-check the URL to make sure the site that appears to be an IRS site actually is;

  • Remember that the IRS doesn't send out reminder e-mails. If someone e-mails you about filing your taxes, a problem with your return or otherwise portrays themselves as the IRS, it's not;

  • Make sure you have security software on your computer and make sure it's up to date;

  • Make sure your operating system and other applications are well-patched;

  • There are significant differences between anti-spyware and antivirus applications, so make sure you're running both;

  • Use encryption software and make sure any sensitive files are always encrypted;

  • Treat all e-mail with a high degree of suspicion;

  • Never ever click on links inside e-mails;

  • If you receive any kind of notification -- e-mail or snail mail -- purporting to be from the IRS, pick up the phone and call them directly;

  • Periodically, check your credit report to make sure nothing looks amiss.

    The IRS set up this link to give people information on how to protect themselves from phishers. The agency also advises people to e-mail it at phishing@irs.gov if they have received an e-mail claiming to be from the IRS.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    How Enterprises Are Attacking the IT Security Enterprise
    How Enterprises Are Attacking the IT Security Enterprise
    To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
    Register for InformationWeek Newsletters
    White Papers
    Current Issue
    2017 State of IT Report
    In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
    Twitter Feed
    Sponsored Live Streaming Video
    Everything You've Been Told About Mobility Is Wrong
    Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
    Flash Poll