With the COVID-19 pandemic pushing people out of public spaces, more and more financial transactions are happening online. All that new credit card data has brought with it a new wave of phishers — the term for bad actors that lie in order to steal private information from anyone unlucky enough to fall for their bait.
April 15 is tax day, the deadline for filing individuals’ U.S. federal income tax returns. Here’s why tax scammers are likely to be out in full force this year.
Phishers want your tax info
Phishers tend to jump on trends: Anything that the general population might be interested in will give phishers an opportunity to harvest private data. COVID-19 vaccination appointments and relief payments were a few recent chances to scam, while Black Friday is always a big annual event for them.
Tax season is the big one to worry about now though, as we get closer to April 15.
“Unfortunately, tax season is always a risky period, with criminals sending fraudulent emails and SMS messages claiming to be from the IRS,” Tony Pepper, CEO of cybersecurity provider Egress, tells Tech.co. “These scams are aimed at tricking citizens out of their sensitive data, such as Social Security numbers and IRS login details, and even their money, under the guise of claiming unpaid taxes.”
Phishing scams are already up: We saw a 15% rise in 2020 over the previous year, according to the 2020 Phishing and Fraud Report from F5 Labs, although during the peak of concern about the pandemic, that increase was at one point 220% higher than at the same period in 2019.
How to stay safe
Know what to expect. The biggest thing to remember is that the IRS will never contact you directly through email, which is the most common form of phishing. They won’t go through SMS messages or social media either.
“We’d urge anyone who has received an email or SMS purporting to be from the IRS to notify the them directly using the IRS phishing reporting service,” says Pepper.
Most phishing emails can be identified with a few simple tips: Hover over any links before you click them to make sure you recognize the address, and check the sender’s email address closely to make sure no spelling errors or strange URLs stand out.
“Finally, always question why someone might want your sensitive data before handing it over – and if in doubt, always contact the IRS directly to check the legitimacy of any communications you receive claiming to be from them,” Pepper adds.
You can also check out possible digital solutions in the form of accounting software, which can guide you through the process of filing online, with no need for email at all. We’ve rounded up the top accounting solutions for small businesses if you need a place to start.
One last security-boosting effort worth considering is getting a password manager. Most of the top password management services, including Dashlane, 1Password and LastPass, all come with an auto-fill function — one that crucially won’t be activated if you land on a fake website set up by phishers to steal your password.
Stay safe while paying your taxes this year, and take a quick look at the best password managing software out there just in case.