Have you filed your taxes yet? The clock is ticking.
Typically, Tax Day is April 15. However, this year, special circumstances are giving you a couple extra days to file. Tax Day falls on Tuesday, April 17.
We need to be extra careful this tax season. That's because popular tax software providers could be putting you at risk of identity theft and other scams.
Is your tax preparation company putting you at risk?
We're always warning you of the latest phishing scams making the rounds. It's when scammers send fraudulent emails that include malicious links trying to trick victims into clicking on them.
According to phishing.org, there are over 100 billion spam emails sent every day. Yikes! More than 85 percent of all organizations have been targeted by phishing attacks and damages exceed $1 billion.
Now, security researchers at Global Cyber Alliance (GCA) are claiming that certain popular tax software providers don't have enough email protections to secure communications with customers.
- H&R Block
What's happening is, these companies are not using the Domain-based Message Authentication, Reporting and Conformance (DMARC) email-validation system. It's designed to detect and prevent email spoofing, or phishing scams. This could open the door for phishing emails to make their way into your inbox.
To be fair, TurboTax and FreeTaxUSA have DMARC in place but are not using it to block fraudulent emails. TaxAct and H&R Block don't use the protocol at all according to GCA. It turns out that Liberty Tax is the only top tax software provider that uses DMARC to block phishing emails.
The companies in question have disputed the report. Their spokespeople told CNBC that they have other security protocols in place and GCA's report only tells part of the story.
No matter which tax software provider you choose, it's a good idea to be cautious. Especially with email communications.
How to report tax phishing scams
Since tax phishing scams are so rampant, the IRS is giving suggestions on how to handle them. First, you should know that the IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN codes, passwords or similar access information for credit cards, banks or other financial accounts.
If you do happen to receive a tax phishing email, follow these steps:
- Report all unsolicited email claiming to be from the IRS or an IRS-related function to firstname.lastname@example.org
- If you've experienced any monetary losses due to an IRS-related incident, report it to the Treasury Inspector General Administration (TIGTA) by clicking here and file a complaint with the Federal Trade Commission (FTC) through their Complaint Assistant by clicking here to make the info available to investigators.
Battling the dreaded phishing attack
In the event that a phishing email makes it into your inbox, here are some suggestions on how to avoid falling victim.
Be cautious with links
Do not follow web links in unsolicited email messages, it could be a phishing attack. Since it's tax time, cybercriminals will be targeting Americans with phishing scams related to taxes and the IRS to try and rip them off.
That's why you need to be able to recognize a phishing scam. One thing to watch for with phishing attacks are typos, criminals are typically careless with spelling and grammar. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
Set up two-factor authentication
Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available. Click here to learn how to set up two-factor authentication.
Use unique passwords
Many people use the same password for multiple websites. Terrible mistake!
If your credentials are stolen from one site and you use the same username and/or password on others, it's easy for the cybercriminal to get into each account. That's why it's important to have unique, strong passwords for every site. Click here to find out how to create hack-proof passwords.
Safeguard sensitive data
Unsuspecting people are mistakenly handing over sensitive information to scammers all too often. If you receive an unsolicited email, do not reply with personal information. You don't want it to fall into the hands of criminals.
If a company that you do business with on a regular basis emails you and asks for personal information, type the company's official web address into your browser and go there directly to be safe. If you receive an email from the tax professional you filed taxes through, take the time to call them at their verified number.
Have a question about tax scams or anything tech-related? Kim has your answer! Click here to send Kim a question, she may use it and answer it on her radio show.
ARE YOU E-FILING YOUR TAXES? WATCH OUT FOR FRAUD
According to the Free File Alliance, around 100 million Americans qualify to use the free filing software. But not all is rosy when it comes to filing your taxes. Tax-time scams and fraud are on the rise so if you're planning to file your taxes online be wary of potential security and privacy issues.