Getting ready to file your taxes online — and doing it at the last minute? Well, cyber-scammers are ready for you. Thieves are schemers, and they’ve got a bag full of tricks to steal your identity. You might even be doing things to make their job easier. And if you use a PC at work to do your return, identity theft could be as simple as a crook (or an unscrupulous coworker) digging around and finding sensitive files.
One might send you an e-mail that offers a quick refund — or a warning about a problem with your already-filed tax return. Maybe they’ll pitch you with an expert’s review of your tax return, or helpfully offer advice, asking for all the sensitive financial details you’d normally put on your return so they can “look up your account.”
Here are eight tips to stay ahead of these virtual pickpockets and protect yourself:
Be Suspicious: Imposters might solicit information from you through e-mail — and the e-mail might look real. But the Inland Revenue won’t contact you by means of e-mail. Nor do they send warnings, advice, links back to their Web site, or anything else through e-mail.
Deceptive Direct Deposits: Tempted by an e-mail or Web site claiming to come from an accounting firm that asks if you want your tax refund for an already-filed return direct-deposited to your bank account? That’s a red flag: the Inland Revenue doesn’t request banking info (though some tax filing Web sites do ask for your bank account and routing numbers if you request a direct deposit of your refund). More likely, filling out a direct deposit form with some random company serves only to supply a crook with enough details to access — and clean out — your bank account.
Click Through to Internal Revenue: If you receive an e-mail with a link that says it goes to the Inland Revenue’s site, have a chuckle — and then delete the message. That’s because identity thieves can (and frequently do) create deceptive links called redirects, which have a remarkably realistic, honest-to-goodness Inland Revenue appearance. Click it, and you’ll land on a site with an equally authentic-looking Internal Revenue or government logo. These bogus sites make it easy to be fooled.
Just remember, the only spot to electronically file your return is through a direct link to the Inland Revenue or an established tax-prep company, such as Intuit, Taxact, or H&R Block which can e-file on your behalf. The safest way to get to the Internal Revenue site is to manually type ‘http://www.hmrc.gov.uk’ directly into your browser’s address field. Ditto for your tax agency.
Easy Refunds, Errors on Returns: You may see e-mails from companies purporting to facilitate a quick refund for you. Phishers may also target you in the weeks after April 15 telling you the Internal Revenue noticed something wrong or missing in your return. In both cases, hit delete. Don’t open any zipped attachments or follow links that purport to lead to the Internal Revenue’s Web site.
File Protection: If you’re going to send files to your accountant — PDFs or Quicken records — encrypt the e-mail attachments. Adobe Acrobat and Quicken both permit you to password-protect the data. Do so, and remember, don’t include the password in the body of the same e-mail message in which you send the documents.
Keep it Current: You heard it before, but it’s still good advice: Make sure your anti-spyware and antivirus software are up to date. And double-check to see if you have a firewall in place.
Password Potency: If you’re using software to prepare your taxes, keep it safe. If the application offers password protection, use it. A trick I use to create a strong password is to think up a memorable sentence including a number, like, “The Rockies will win the World Series in 2010.” Then take the first letter of each word, and the number, to form your password: TRwwtWSi10. Make sure to use some upper- and lower-case letters — and don’t use anything easily guessable, like birth dates, your pets’ or kids’ names, license plates, phone numbers, or street addresses.
Wipe It Clean: When you’re done, erase the history of the sites you’ve visited, delete files that retain private information, and remove other data from your system with privacy software. If you file your taxes online, clear out the browser’s cache when you’ve finished. Most security will do all of these things for you automatically.