CybersecurityTax Identity Theft Awareness Week

This week (January 29-Feb 2, 2018) is the FTC’s Tax Identity Theft Awareness Week and the beginning of the IRS’s tax filing season. But it is also a prime time for identity thieves to steal money from businesses and people. The FTC states that tax identity theft occurs, “…when a person uses someone else’s Social Security number to either file a tax return and claim the victim’s refund, or to earn wages that are reported as the victim’s income, leaving the victim with the tax bill.”

What tax season scams should your employees watch out for?

  • W-2 Scams: Thieves can contact payroll and trick employees into revealing private data by pretending to be company executives. The thieves demand copies of employee W-2s containing addresses, social security numbers, income, and withholdings. Workers anxious to follow the demand of a superior may send the records to the thieves. Follow up with emailed or called-in requests for confidential documents with a different contact method.
  • Fake IRS Phone Calls: Crooks can call pretending to be IRS agents and claim that you owe money. Next, they threaten to arrest you if they do not get their payment immediately. Or, they say you are getting a refund and ask you to verify personal information, such as your social security number. If you pick up this type of call, hang up and get in touch with the IRS using their website’s contact details. You can also report impersonation phone calls to In case you get conned into paying their fake bill using a credit or debit card, contact your bank right away to stop the payment.
  • Phishing Emails: Scammers can create official-looking emails that appear to be from the IRS. For instance, cybercriminals can deliver an email urging individuals to fill in their personal information in their PDF form and send it directly to them. Or emails can instruct people to confirm their personal information by clicking on a hyperlink to a disguised portal and entering their login data. Do not click on links or attachments from unexpected or questionable senders. Also, fuzzy logos and misspellings are obvious signs of a phishing email. Send fraudulent emails to the IRS at
  • Tax Return Fraud: Thieves may use stolen names, addresses, and social security numbers to file a tax return before you can. Afterward, once victims try to turn in their tax returns to the IRS, the entry will be rejected. Additionally, someone might use your social security number to get employment, and then receive a bill for unpaid taxes. As stated by the Identity Theft Resource Center, it can take 600 hours to restore your identity after a theft has occurred. If you get tax records from a mysterious employer or discover your tax return was submitted without your knowledge, call the IRS Identity Protection Specialized Unit at 1-800-908-4490.

Be aware the IRS will never:

  • Get in touch with you by email to collect personal information, notify you of a bill or refund, or instruct you to update your account.
  • Call about taxes you owe without mailing a bill in advance.
  • Order the immediate payment of a bill without letting you check the total amount you owe.
  • Threaten to send the police to arrest you for non-payment.

How can you avoid tax ID theft?

  • Do not wait until the deadline to file your tax return. Make sure to file your tax returns once your required documents become available.
  • Use a private password-protected Wi-Fi signal when working with sensitive data. Do not ever use public Wi-Fi for this function since a nearby hacker can spy on your activities.
  • Mail paper returns directly from the post office. The paperwork should be given directly to the mail clerk and delivered by certified mail. Don’t drop it off in an unlocked outgoing mailbox bin. Thieves can open the envelope, record your information, and put the paperwork back into the bin.
  • Scan devices with security software every week, especially when they are being used to file tax returns. Regular scans with Trend Micro or Sophos software can prevent hackers from reaching your device and installing spyware.
  • Use supported operating systems and update the software once a patch is available. Unsupported operating systems, such as Windows XP and Vista, leave security holes hackers can easily enter.
  • Choose strong passwords with a random combination of numbers, letters, and symbols. Also, use unique passwords for each account and store them in a password management program.
  • Use safe document storage methods. Physical paperwork should be locked in steel cabinets. For digital records, use encrypted enterprise cloud storage, such as eFolder and Veritas.
  • Perform regular company cybersecurity training to assure employees can recognize any unauthorized attempts to get personal information.
  • Wipe data from computers and mobile devices before discarding them. Plus, shred sensitive documents before throwing them out.

If you have questions or concerns about your data security, you can give us a call at 877-794-3811 or email We can offer extra protection in our subscription-based cloud service called Security as a Service. It includes email security, web security, enterprise anti-virus/anti-malware protection, ransomware protection, intrusion prevention, and security monitoring.