It’s tax season again, the most wonderful time of the year for the US government, and taxpayer attitudes about identity theft are leaving much of the public vulnerable.
In its second annual Tax Season Risk Report, CyberScout, most Americans (58%) are not worried about tax fraud in spite of federal reports of 787,000 confirmed identity theft returns in 2016, totaling more than $4 billion in potential fraud.
Only 35% of taxpayers demand that their preparers use two-factor authentication, which is far more secure than a single password, to protect their clients’ personal information. The majority (56.5%) were not sure whether their preparer would follow this best practice, were not offered it or didn’t require it.
Also, half of all taxpayers (50%) who use a tax service weren’t sure how to evaluate them, chose someone online or didn’t screen them beforehand, leaving the taxpayer vulnerable to scams.
On the at-home front, less than a fifth (18%) use an encrypted USB drive, a secure way to save important documents like tax worksheets, W-2s, 1099s or 1040s. Another 38% either store tax documents on their computer’s hard drive or in the cloud, both approaches that are susceptible to a variety of hacks. And, the majority (51%) of taxpayers who expect a refund check in the mail have not taken precautions such as a locked mailbox, putting their check at risk of theft.
More than half (57%) of consumers will file in March, April or later than the April 15 deadline, giving tax fraudsters plenty of time to impersonate them online and steal their refunds.
“We’ve reached an extreme level of cybercrime where identity theft has become the third certainty in life. In tax season, it is crucial that everyone remain vigilant and on high alert to avoid tax related identity theft or phishing schemes,” said Adam Levin, founder and chairman of CyberScout, making a seasonal joke. “Tax season is one of the most common times for identity fraud to take place, making it even more important for consumers to take the proper safety measures.”
One of the safest ways for consumers to file their 2016 tax return is to file online directly with the Internal Revenue Service (IRS). Unfortunately, less than half of taxpayers (48%) rely on and trust online tax services. Nearly a quarter (24%) of respondents do not trust online tax services because they think they are unsafe, a misperception that can lead to exposure.
CyberScout recommends the following techniques for consumers to protect themselves:
Always use long and strong passwords.
Never authenticate yourself to anyone who contacts you online or by phone, since the IRS will never contact you by those methods.
Use direct deposit of refunds into your bank account or a locking mailbox for mailed refunds.
Monitor and protect your accounts and elements of your personal identity online and in social media. It’s easy for hackers to figure out answers to security questions from social media.
“In order to reduce the risk of becoming a tax identity theft victim, consumers need to follow the 3Ms: Minimize their risk of exposure, monitor your accounts and your personal identity, and know how to manage the damage,” noted Levin. “If the worst happens, victims of identity theft should turn to organizations they trust, including their insurance provider, financial services institution, or the HR department of their employer, who offer low-cost or free cyber-protection services to protect and restore stolen identities.”