Quick! File your taxes before a hacker does it for you

  • Tony Bradley (PC World (US online))
  • 14 February, 2015 07:41

It's tax season! You might not want to put off filing your taxes this year. If you're not quick, you might find that someone else has already filed a fraudulent tax return in your name.

There are only a few things someone needs to file a tax return as you. Armed with your name, address, and Social Security number it's relatively easy to file a tax return in your name. The details beyond that don't matter too much, and the hacker can receive the refund dollars and have them spent before you even realize the fraudulent return was filed.

Here are four things you should do to guard against a fraudulent tax return being filed in your name, and to protect your credit and identity in general:

  • File your returns as early as possible. Tax season began on January 31st and runs through April 15th. In order to prevent someone else from filing under your name, submit your tax returns as soon as possible.
  • Watch out for phishing scams. If you receive an email or text message from the IRS asking for any personal information, do not reply nor click on any links. All correspondence originating from the IRS will be sent as a hard copy via snail mail and will never ask for such information over digital communications. Instead of replying, forward these messages to
  • Monitor your credit report. It is recommended that you check your credit report for suspicious activity at least twice a year. Spotting signs of identity theft before tax season rolls around can prevent headaches later on.
  • Install comprehensive security software. Without the proper precautions set around your digital devices, cybercriminals may have access to your electronic tax forms, medical information, home lease, or other confidential documents that are intended for your eyes only. To keep your data and SSN out of the hands of fraudsters, install security software to protect your data and identity on all of your devices.

Gary Davis, chief consumer security evangelist for Intel Security, also suggests being vigilant about guarding your Social Security number in the first place. He urges consumers to exercise skepticism over which websites, companies, and corporations deserve access to your SSN. Davis says, "Do not provide it over the phone or via email, and leave it blank on forms when possible. If you have any doubts or feel uncomfortable providing it--always ask why the requesting party needs it or don't give it out."

How identity theft tax fraud could be thwarted

Thanks to massive data breaches like the recent compromise of Anthem, or the breach at Target, identity thieves have plenty of ammunition to work with. Hundreds of millions of names, addresses, and Social Security numbers that have been exposed. There's nothing you can really do about protecting that data once it's been exposed to attackers.

We need stronger controls in place to verify that the person filing the return is legitimate. "Too much information is already available about us based on our online identities; we need something better. Thankfully things like biometrics are becoming far easier to implement," explained Garve Hayes, solution architect with NetIQ.

Marc Maiffret, CTO of BeyondTrust, stressed that filing taxes should require two-factor authentication. "Such technology makes it where an attacker needs your username and password plus a randomly generated code from something like your smart phone. This is something supported by Google, Facebook, Microsoft and many other online services but has yet to be widely adopted by online financial institutions from banks to tax filing."

Until the IRS and tax filing services take steps to make the filing process more secure, anyone with your name, address, and Social Security number can potentially file a fraudulent return in your name. Make sure you file early and beat them to it.