10 Tips To Survive Online Tax Hacker And Phishing Attacks

As tax season moves into high gear, an increasing number of people are filing their returns online, giving hackers and phishers the perfect opportunity to steal users' identities and every cent they have.

The Internal Revenue Service reported that 73 million tax returns were filed online in 2006, up 6.9% from 2005. Twenty million Americans filed their returns from home computers. This year the IRS is expecting a 6.9% increase in electronic filing and the agency also is expecting more e-file returns to be sent in from home.

Now, add to that the fact that security company Webroot Software Inc. reported that last year there was a 260% increase in system monitoring, largely via keystroke loggers and spyware. And much of that activity came specifically at tax time, said Mike Irwin, chief operating officer, in an interview with InformationWeek.

"There's a lot of nefarious activity that goes on throughout the year but there are certain times when that activity peaks, and tax season is one of those times," said Irwin. "If people are doing taxes on their computers, a hacker installing a keystroke logger or a backdoor could steal identities and access personal accounts pretty easily."

Paul Henry, a VP with Secure Computing, said in an interview that he recently saw his first phishing scam e-email hit his inbox this season. The scam is a familiar one, he noted. It purportedly was the IRS offering to send his refund directly to his credit card account.

To make matters worse, Henry said the phishing attacks won't just last for the week and a half. They'll probably last well into June, as phishers try to trick people by pretending to send e-mail notices from the IRS saying there's a problem with their filing and they need to send them information immediately or face steep penalties.

"Typically the phishing attacks start mid-March, but they're a little late this year," said Henry. "We think this is going to be a bigger problem this year. We're seeing 250,000 to 300,000 botnets created a day. You can sit there and watch new botnets created around the globe. We're seeing more sophistication with do-it-yourself phishing kits. What is all means is there's a target-rich environment out there and the phishers are more prepared to take advantage of it than ever before."

Henry and Irwin both said if users want to file their returns safely and not be taken to the cleaners, people need to be aware of the scams attackers will use to fool them, while also securing their computers.

Here are 10 tips they said users need to keep in mind:

Don't visit any tax-tip sites that aren't with the IRS or linked directly from the official IRS site. Also, double-check the URL to make sure the site that appears to be an IRS site actually is;

Remember that the IRS doesn't send out reminder e-mails. If someone e-mails you about filing your taxes, a problem with your return or otherwise portrays themselves as the IRS, it's not;

Make sure you have security software on your computer and make sure it's up to date;

Make sure your operating system and other applications are well-patched;

There are significant differences between anti-spyware and antivirus applications, so make sure you're running both;

Use encryption software and make sure any sensitive files are always encrypted;

Treat all e-mail with a high degree of suspicion;

Never ever click on links inside e-mails;

If you receive any kind of notification -- e-mail or snail mail -- purporting to be from the IRS, pick up the phone and call them directly;

Periodically, check your credit report to make sure nothing looks amiss.

The IRS set up this link to give people information on how to protect themselves from phishers. The agency also advises people to e-mail it at [email protected] if they have received an e-mail claiming to be from the IRS.