The Tax Refund You’re Counting on is in Jeopardy

Ah February.  The days are getting longer, the daily forecast is a toss up, and your W-2’s are arriving in the mail.  It’s tax time, and you’re looking forward to spending your refund on a well earned vacation, or maybe some home improvements.  But this time of year is also a favorite time for hackers to take advantage of you and your tax returns. There are two main ways they make this happen: using stolen information and social engineering.

“Ok ok one at a time.  How about we start with stolen information?”

Great choice.  The key word here is “stolen.”  We’ve talked about stolen information from data breaches before, and so many companies have suffered data breaches, that almost all of your personal information has been stolen at one point or another.  This includes smaller things like your email address and phone number, which can lead to spam or robo calls. However it also includes more serious things like your social security number and address.  Armed with this information, hackers can get to work.

To create your tax trouble, the hackers don’t even have to use a fancy hack to steal your money.  They go online and fill out a tax return, seeking the biggest return possible. Using your stolen information, they submit the return to the IRS, and bingo, your refund is now theirs.  When you go to submit your tax return, the IRS won’t accept it since someone else has already submitted it “on your behalf.” You may also get a letter from the IRS in the mail about a suspicious return, but it’s too late.

So what do you do? In short, get your tax return completed as soon as possible!  The IRS has done better at cracking down on fraudulent returns in the past few years, so the number of cases has dropped.  But don’t let procrastination make you a statistic!

“What’s up with ‘social engineering?’  Is this a Twitter for engineers?”

Not exactly.  When hackers take advantage of your emotions and cause you to take an action you may not normally make, this is called “social engineering.”  It can also be known as a scam or con, but most commonly, social engineering takes on the form of phishing emails; think of the Nigerian prince who has “millions of dollars” for you.

In this case, hackers use tax season to pretend to be the IRS or other tax preparation services.  They will call you and threaten you if don’t provide immediate payment. If you do get a call like this, hang up - it’s a scam.  The IRS will never do things like call you, visit your home in person, revoke your driver’s license or immigration status, or demand immediate payment without providing you with a bill first.  In fact, the IRS has created a great guide that outlines what they will and won’t do.  And if the hacker is pretending to be a tax preparation service, still hang up.  Ask yourself if you’ve ever used that company to prepare your taxes, and if so, contact the company directly with the number you find online for them.

The key to all of this is staying ahead of the latest data breaches and social engineering techniques.  Our Approachable Cyber Threats (ACT) are a great way, but if you want to stay a step ahead of hackers, you need our Approachable Cybersecurity Awareness Training; where we cover the latest methods hackers are using to trick you, and how to stay ahead of them.  If you or your organization don’t want to become a social engineering statistic, let’s talk today.

Follow us - stay ahead.

Read more of the ACT