Center for Internet Security Offers Tips for Avoiding Online Tax Scams

Share Article

As the countdown to Tax Day approaches, users need to remain vigilant in protecting their information and identity.

Center for Internet Security
In light of recent major consumer data breaches, more personal and sensitive data is now potentially available for criminals to exploit during this tax season.

The Center for Internet Security (CIS) today issued its Protect Yourself from Tax Season Identity Theft Scams booklet to help individuals recognize online tax-related scams and defend against them. The rush to complete tax filings in these last few weeks before the April 15 deadline requires heightened awareness and prudent behavior to minimize risks.

Identity theft and phishing remain top security concerns this year, with criminals using a variety of techniques to lure users into falling for scams. One common tactic used is to send emails appearing to be from legitimate organizations, such as the IRS or a tax preparer, trying to entice the recipient into providing personal and financial data. This information is then used to steal the victim’s identity, resulting in potential financial loss, damage to reputation, and lost time and effort expended to repair the victim’s credit history. Another phishing scam involves an email that discusses supposed changes to tax laws and includes a downloadable document (usually in PDF format) that claims to explain the new laws. These files are populated with malware that, once downloaded, may infect the victim’s computer, potentially stealing or destroying data or causing other damage.

Additionally, in light of recent major consumer data breaches, more personal and sensitive data is now potentially available for criminals to use for malicious activity.

Users who have already filed their taxes this season can still be vulnerable to tax-related scams. Many schemes take advantage of users by alleging to have information about the filer’s refund, or noting a problem with the return that was previously filed.

The IRS recently released its Dirty Dozen Scams for 2014, which highlights common scam tactics, including those that occur offline, such as criminals who impersonate legitimate charities and place phone calls to victims to solicit money.

"Taxpayers should be on the lookout for tax scams using the IRS name,” said IRS Commissioner John Koskinen. “These schemes jump every year at tax time. Scams can be sophisticated and take many different forms. We urge people to protect themselves and use caution when viewing e-mails, receiving telephone calls or getting advice on tax issues.”

“Vigilance about the security of our online activities is required every day, but is especially important during this time of year. Tax season can be stressful for a lot of people, and hackers exploit this through targeted phishing attacks that try to scare you or entice you into clicking on a link or opening an attachment,” said William Pelgrin, CIS president and CEO. “Some basic precautions that will minimize risk include the following:

  • Do not respond to emails appearing to be from the IRS. The IRS does not initiate taxpayer communications through email or social media tools to request personal or financial information. The IRS does not send emails stating you are being electronically audited or that you are getting a refund. If you receive an unsolicited email claiming to be from the IRS, send it to
  • Do not send sensitive information in an email. Criminals may intercept the information.
  • Do not open any attachments or click on links contained in suspicious emails. Common scams tout tax rebates, offer great deals on tax preparation or offer a free tax calculator tool. If you did not solicit the information, it’s likely a scam.
  • Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires caution. Do not visit a site by clicking on a link sent in an email, found on someone's blog, or on an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.
  • Be wise about Wi-Fi. Wi-Fi hotspots are intended to provide convenient access to the Internet and are not necessarily secure against eavesdropping by hackers.
  • Secure your computer. Make sure your computer has the proper security controls, including up-to-date anti-virus and anti-spyware software, and a firewall.

“The best advice is to take a breath...think before you click,” Pelgrin said.

For more information about staying secure during tax season, download the CIS Protect Yourself from Tax Season Identity Theft Scams booklet.

For tips and resources to help improve your security throughout the year, visit CIS online.

About the Center for Internet Security
The Center for Internet Security (CIS) is a 501c3 nonprofit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS produces consensus-based, best practice secure configuration benchmarks and security automation content, and serves as the key cyber security resource for state, local, territorial and tribal governments, including chief information security officers, homeland security advisors and fusion centers. CIS provides products and resources that help partners achieve security goals through expert guidance and cost-effective solutions. To learn more please visit or follow us at @CISecurity.

Krista Montie
The Center for Internet Security

Liz Grimes
PR Director - Overit
518-465-8829 x 213


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Krista Montie
Visit website