Skip to content

Tax Season: Potential Payday for Hackers

By Michael Hall, Chief Information Security Officer
Updated February 8, 2018

The bad guys are getting really good at slipping into unprotected computer systems and obtaining tax files and other private information without your knowledge or permission.
If you are filing your income taxes online this season, please beware of the very real threat from hackers and other cyber criminals who are out to steal your data and your dollars.
Tax time can be a bonanza for identity thieves.
According to, more than 122 million tax returns were filed online last year. That’s 92 percent of the more than 135 million federal tax returns that were filed in 2017.
About one in five of those online returns are extra susceptible to hackers because the computers used to send the returns are not sufficiently protected. Without proper security, cyber thieves can steal personal and tax information via malware, email phishing scams and even lost or stolen flash drives and other storage devices.
Here’s what you can do to protect yourself and your personal information during tax-filing season.

File Early

File as far in advance as possible before the April 17, 2018 deadline for federal income taxes.
If you have already filed your return, and a thief steals your information and then submits a second tax return under your name—even with your Social Security number—only the first return will be accepted.


Encrypting data can protect you from an unwanted breach of security or privacy should your laptop or other device become stolen. There are plenty of encryption tools available, ranging in price from free to hundreds of dollars. PC Magazine recently published The Best Encryption Software of 2018.

Shred It

Guard your Social Security number and never give it to anyone unless it’s absolutely necessary.
Store sensitive information securely, and permanently dispose of any tax data that you no longer need.
Any personal papers that have your bank account, investment account or Social Security information should be shredded before disposal.

Strong Passwords

Make sure your computer system is protected using strong passwords and/or encryption software. Change your passwords often and do not use any easily guessed combinations of letters and numbers, like your birthdate, Social Security number, anniversary, child’s name, etc.
Read 12 Tips for a Stronger Password.

Update Regularly

Keep your computer operating system and software—including encryption programs and web browsers—updated so you have the latest version in place and working if thieves attack.
Hackers are always exploring computer security measures to find weaknesses and develop ways in. In reaction, security software manufacturers are constantly developing patches and software updates to eliminate threats as they are discovered. If you don’t keep up with software and operating system updates, these known weaknesses remain like open doors inviting criminals into your computer.
Identify what firewalls, anti-spam, antivirus, anti-malware and anti-spyware software you have installed and always install updates as they are made available. In addition, be sure to double check for any updates you may have missed before beginning your taxes.

Phishing and Malware Threats

Cybercriminals are always looking for ways to entice you to just give them your personal information. Beware of unsolicited emails, texts and social media posts from anyone you do not know asking for personal information. Thieves are very good at impersonating people you may know (who, themselves, may also be getting ripped off) and they are also very good at setting up fake websites that look like the real thing, but aren’t!
The trick is NOT to click on any suspicious link or to even read anything you get online unless you are absolutely certain who sent it.
If it is important, a friend or colleague will send another email or call. Without a response from you, the thief will focus on pursuing other targets.
Read Don’t Get Caught by Phishing or Other Email Attacks.
Read Another Crafty Phishing Attack Example.

Fake IRS Communications

The IRS does not make demands for immediate payment or ask for credit or debit card information by phone or email. Instead, if the IRS intends to contact you for collection, you will receive a bill in the mail via USPS.
If you get a suspicious email or phone call, do not respond. Follow up immediately by calling the IRS Identity Protection Specialized Unit (IPSU) at 1.800.908.4490.


Don’t ever download any software without visiting trusted review sites and researching its legitimacy. Otherwise, you may accidentally download software designed for the purpose of stealing your personal information or damaging your computer.
For enterprises, it often takes a team of accountants to prepare business taxes; however, it’s important to research each tax preparer’s credentials before entrusting them with financial information.
Whether you are looking to someone else to file taxes for yourself or a business, ask potential tax preparers how they protect your tax information. Questions you should be asking include:

  • How will my data be stored?
  • Will it be encrypted?
  • What computer security software is used?
  • Who has access?
  • Have those with access been properly screened?

Additional Tips

It’s always a good idea to regularly check your credit rating and report to see if any suspicious activity has occurred without your knowledge.
Never send any financial information over public Wi-Fi networks. Use only secure, password protected networks.
When filing your own taxes, use your own computer—do not use a public or work computer. To keep your information private, never file taxes on a computer that other people have access to (like your work computer).
File only on secure websites. Look at the URL of the website. If it begins with “https” instead of “http” it means the site is secured using an SSL Certificate and it is safe to use.
Once your return has been filed, make two copies of the file on two different devices. Confirm the copies you made are good and fully functional and then remove the personal info from your computer system.  
Protect Your Tax Data

Back To Top