Drake Software blog for tax pros, covering tax, IRS news, and more

National Tax Security Awareness Week: Online Shopping Scams

National Tax Security Awareness Week: Online Shopping Scams

On the first day of National Tax Security Awareness Week, the Internal Revenue Service highlighted ways that cybercriminals target online shoppers during the holiday season. The Security Summit-sponsored campaign aims to raise awareness of tax-related security issues targeting taxpayers and tax professionals alike.

The IRS notes that online shopping scams are designed to “steal financial account information, Social Security numbers, credit card information, and other sensitive data.” While this information has historically been used to illegally make purchases or apply for credit card and bank loans, it has increasingly been used to file tax returns—a practice that has yielded millions of fraudulently acquired refund dollars.

To help protect the public from these scams, the IRS Newswire included the following seven online safety tips:

  • "Avoid unprotected Wi-Fi. Unprotected public Wi-Fi hotspots in malls or at holiday events also may allow thieves to view transactions. Do not engage in online financial transactions if using unprotected public Wi-Fi.
  • Shop at familiar online retailers. Generally, sites using the “s” designation in “https” at the start of the URL are secure. Look for the “lock” icon in the browser’s URL bar. But remember, even bad actors may obtain a security certificate so the “s” may not vouch for the site’s legitimacy. Beware of purchases at unfamiliar sites or clicks on links from pop-up ads.
  • Learn to recognize and avoid phishing emails that pose as a trusted source such as those from financial institutions or the IRS. The IRS has seen an increase in these schemes this year. These emails may suggest a password is expiring or an account update is needed. The criminal’s goal is to entice users to open a link or attachment. The link may take users to a fake website that will steal usernames and passwords. An attachment may download malware that tracks keystrokes—putting personal information at risk.
  • Keep a clean machine. This applies to all devices—computers, phones and tablets. Use security software to protect against malware that may steal data and viruses that may damage files. Set it to update automatically so that it always has the latest security defenses. Make sure firewalls and browser defenses are always active. Avoid “free” security scans or pop-up advertisements for security software.
  • Use passwords that are strong, long and unique. Experts suggest a minimum of 10 characters, but longer is better. Avoid using a specific word; longer phrases are better. Use a combination of letters, numbers and special characters. Use a different password for each account. Use a password manager, if necessary.
  • Use multi-factor authentication. Some financial institutions, email providers and social media sites allow users to set accounts for multi-factor authentication. This means users may need a security code, usually sent as a text to a mobile phone, in addition to usernames and passwords.
  • Encrypt and password-protect sensitive data. If keeping financial records, tax returns or any personally identifiable information on computers, this data should be encrypted and protected by a strong password. Also, back up important data to an external source, such as an external hard drive. And, when disposing of computers, mobile phones, or tablets, make sure to wipe the hard drive of all information before trashing."

Using better passwords, adding multi-factor authentication, and learning to spot phishing scams may be familiar security tactics, but the convenience of public Wi-Fi and annoyance of regular software updates may create blind spots for those who are otherwise diligent about data security issues.  Cybercriminals often spoof popular Wi-Fi hotspots to try and dupe victims into joining their version of “Coffee Shop” or “Popular Main Street Business,” and the WannaCry ransomware attack was successful because victims had not installed Windows updates.

To learn more about protecting data from tax-related identity theft schemes, the IRS recommended these resources:

 Source: IRS Newswire

Ryan Norton

Whether designing superheroes, penciling caricatures, or just doodling, I always knew I was going to earn some sort of art degree while in college. That was my goal before I decided to trade Edgar Degas for Edgar Allan Poe during a Freshman English class. The BA in English soon morphed into a double-major in English and Philosophy, eventually becoming an MA in English. It only makes sense that I learned of a writing opportunity for a local marketing firm while teaching a first-year college English course. Before I knew it, I was writing and editing tax-related articles for Taxing Subjects, and this has been my home since 2014.