Given the proliferation of tax filing software, it should come as no surprise that 94% of all individual tax returns are filed electronically, according to the IRS. And while going digital is undoubtedly convenient, it can also present a new set of challenges.
Cybersecurity risks such as identity theft should be a pressing concern for everyone, especially during tax season. Last year, the IRS confirmed 12,617 fraudulent tax returns—a 31% increase from 2022—and stated that it prevented $105.3 million in refunds from being distributed. In addition, nearly 1.1 million tax returns with refunds totaling $6.3 billion were flagged for review.
This year promises to be even worse. Generative AI technologies have made it easier than ever for bad actors to dupe consumers and manipulate online tax systems — and unfortunately, scams have been tougher to spot.
How to Prioritize Cybersecurity This Tax Season
More than 353 million people were impacted by data breaches last year, according to the Identity Theft Resource Center—and during tax season, there are often surges in cybercrime and identity theft.
When you’re using tax software, minimize your risk of damage by staying vigilant and practicing good digital hygiene. This includes:
- Selecting strong passwords: The Cybersecurity and Infrastructure Security Agency recommends making your passwords long, random, and unique. You may also want to consider using a password manager for added security.
- Using a secure internet connection: A recent study found that 40% of respondents had their information compromised while using public Wi-Fi. It’s essential to use a secure internet connection when doing your taxes.
- Enabling two-factor authentication: Multifactor authentication is also very important. If a cybercriminal runs into trouble trying to access your information, they’ll likely just give up and move on to the next potential victim.
- Keeping your devices and software updated: Make sure your software updates automatically to avoid bugs and other security concerns.
- Be mindful of open pathways: Filing your taxes online often requires you to connect your software with your financial institutions via APIs. Consider shutting down those pathways when they’re no longer in use to better protect yourself in the event of a breach.
Which Security Measures Are Within Your Control
However, there are other things you can do to make sure that you’re protected as well. The first step is to obtain a personal identification number (PIN) from the IRS. The PIN changes annually and comes in the mail, which makes it impossible for cybercriminals to access it. If you’ve requested a PIN and don’t include it with your return, the IRS will assume it’s fraudulent and refuse to process it.
To that end, it’s also important to file your taxes early. Only one return can be filed per person, and it’s great to beat cybercriminals to the punch. I usually file mine in February, but a decade ago, I waited. Someone filed an income tax return in my name with a return, and it took months for the IRS to sort it out.
You may also want to consider filing by hand, which all but eliminates the risk of identity theft.
Why You Should Assume You’re Being Targeted—Even If You’re Not
The key to preventing identity theft—or at least, reducing your risk—is to remain vigilant. Most cybercriminals will always take the path of least resistance. That’s why phishing is so common.
After the introduction of OpenAI’s ChatGPT in late 2022, the number of phishing attacks increased dramatically, according to a report from the Anti-Phishing Working Group (APWG). Over the course of 2023, the organization observed nearly 5 million phishing attacks — more than any other year. Meanwhile, verification platform Sumsub reported that there was a 10x increase in the number of deepfakes detected globally from 2022 to 2023, including a 1740% surge in North America, reinforcing the dangers that AI can pose to institutions and consumers.
To that end, recognize the risk that comes with integrating third-party filing tax systems with online applications, such as your bank. In 2023, 80% of businesses in the financial services industry reported API security incidents—up from 75% the year before. Put simply, millions of users’ personal information, all of which is necessary for filing tax returns, fell into the wrong hands. Remember that the more complex your tax return, the greater your risk.
It’s also crucial to be selective about the software you’re using. In addition to ensuring that it meets your needs, you must also consider the software provider’s reputation, trustworthiness, and reliability.
Tax season is stressful enough. The proper precautions now to ensure it doesn’t become a security nightmare for months to come.
