How to Protect Yourself from Cyber Tax Fraud and Scams

How to Protect Yourself from Cyber Tax Fraud and Scams

February 24, 2023

Tax season is now in full swing which, unfortunately, means fraudsters and scammers are in full swing as well.  There were nearly 7.8 million reports of suspicious tax-related activities in 2022.  This coincides with an overall rising fraud environment with the Federal Trade Commission reporting a 70% increase in fraud losses from 2020 to 2021.  With over 90% of tax returns now filed electronically, keeping your personal data safe is more important now than ever.  So, what can we do to prevent cyber tax fraud?

File your taxes promptly before someone tries to impersonate you

With this scheme, scammers electronically file a false return with fraudulent data and collect the refund.  Then when the legitimate taxpayer attempts to file their return, they get a nasty surprise that one has already been filed using their Social Security number.

Therefore, filing promptly can help to ward off this particular type of fraud.  Remember that even if you have a balance due, and you want to wait until the filing deadline to make your payment, you can still file your return prior to April 18th.  You just need to make sure your payment is postmarked (if mailing) or electronically paid by April 18th to be considered on time.

Another way to prevent tax fraud is to obtain an Identity Protection PIN (IP PIN) from the IRS.  This six-digit number is known only to you and the IRS and should prevent a scammer from filing on your behalf even if they know your Social Security number.  Most taxpayers will be able to apply for an IP PIN online through the IRS website, but paper applications are also available for download.

Remember: the IRS will never ask you for your IP PIN, so phone calls, emails or texts asking for your IP PIN are scams.

If filing using tax prep software, promptly install updates

In addition to updating calculations to ensure your returns are accurate, tax prep software updates often also include patches to protect the security of data while in transit and in storage.  Computers running old software are more vulnerable to attacks, so it’s important to install any software updates promptly.  Also, make sure your operating system and antivirus software are up-to-date and be sure to use a strong Wi-Fi password to prevent unauthorized access to your home network.

If using a professional for tax prep, ask about their cybersecurity protections

While less common, accounting firms are also targeted by scammers, so it’s still important to be vigilant even if using a professional.  If asked to upload documents, make sure your professional uses a secure platform or encrypted file-transfer system.  You might also ask how they store and backup the data to ensure its security, or even how their office is secured.  And with more and more professionals working remotely these days, it would also be prudent to ask about the security of home Wi-Fi networks and whether your professional uses a virtual private network (VPN).

Other cybersecurity measures

While not specifically related to cyber tax fraud, we’ve received a number of questions from clients recently about phishing, email and text scams and how to protect sensitive personal information from getting on the web.  Following are a few additional suggestions to consider:

  • For phishing, scam, and spam emails, don’t just delete them but also block the sender and move the email into your junk or spam folder so they’re flagged as such.
  • Remember that your bank, credit card company, financial institutions or the IRS will never call, email or text asking for your account number, PIN or password.
  • Scrutinize links sent via email or text and do not click them if you’re unsure. Did you get texted a link saying your Dunkin Donuts order is ready, but you didn’t order anything from Dunkin Donuts?  Don’t click it.  Did you get texted a link with tracking information from FedEx and you are expecting a package?  Unless you’re certain of the sender, maybe try going to the FedEx website directly and searching for your package instead of clicking on the link.
  • Consider using a password manager so you can easily and frequently update passwords without having to try to remember them all. Use a combination of letters, numbers and characters for the highest protection.  Enable multi-factor authentication, which requires you to enter your password plus a unique one-time code, for all websites that offer it, but especially for financial institutions and your email account(s).
  • If you’re concerned that sensitive personal information (address, Social Security number, financial account numbers, etc.) is searchable on the web, you can request to have this information removed by Google. To begin the process, type into the Google search engine “remove select personally identifiable info from Google” and the Google Help Center should be the first entry with steps to enter a request for removal.




The views expressed represent an assessment at a specific point in time, are opinions only and should not be relied upon as investment advice regarding investments, strategies, sectors or markets in general.  The above commentary has been obtained from sources we believe are reliable, but we cannot guarantee their accuracy or completeness.  Past performance is no guarantee of future results.  This is not a complete analysis of every material fact.  All expressions of opinion are subject to change without notice.

The information contained in this document does not constitute the rendering of legal, accounting, or other professional advice or opinions on specific facts or matters.  Talk to your financial advisor before acting on information in this document.