Skip to main content Skip to main content

Tax-season security tips

Keep your information safe online.

By Corey Oxenbury

January 30, 2020

Overhead shot of man typing on laptop; words The return of tax season means a return of tax scams from cybercriminals. These scams can take many forms, including legitimate-looking websites or tax forms, but the goal is always the same: to separate you from your money, your identity or anything of value within the criminals’ reach. While it’s always important to take steps to minimize your risk of identity theft and other online-related crimes, it’s especially important at this time of year. Below are some signs to look for and basic precautions you can take to minimize risk and avoid becoming the next victim.

Warning signs of an online tax scam:

  • An email or link requesting personal and/or financial information, such as your name, Social Security number, bank or credit-card account numbers, or any additional security-related information.
  • Emails containing various forms of threats or consequences if no response is received, such as additional taxes or blocking access to your funds.
  • Emails from the IRS or federal agencies. The IRS will not contact you via email.
  • Emails containing exciting offers, tax refunds, incorrect spelling and/or grammar, or odd phrasing throughout.
  • Emails discussing “changes to tax laws.” These email scams typically include a downloadable document (usually in PDF format) that purports to explain the new tax laws. However, unknown to many, these downloads are almost always populated with malware that, once downloaded, will infect your computer.

How to avoid being a victim:

  • Never send sensitive information in an email. Information sent through email can be intercepted by criminals. Make sure to consistently check your financial account statements and your credit report for any signs of unauthorized activity.
  • Secure your computer. Ensure that your computer has the latest security updates installed. Check that your antivirus and antimalware software is running properly and receiving automatic updates from the vendor. If you haven’t already done so, install and enable a firewall.
  • Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers and other similar topics requires great caution. Never visit a site by clicking on a link sent in an email, found on someone’s blog, or seen in an advertisement. The websites you land on might look like legitimate sites, but they can also be very well-crafted fakes.
  • Be wise with Wi-Fi. Wi-Fi hotspots are intended to provide convenient access to the internet, but this convenience can come at a cost. Public Wi-Fi is not secure and is susceptible to eavesdropping by hackers. Never use public Wi-Fi to look at financial documents or file your taxes.
  • Look for clear signs. Common scams will tout tax rebates, offer great deals on tax preparation or offer a free tax-calculator tool. If you did not solicit the information, it’s likely a scam.
  • Be on the watch for fake IRS scams. The IRS will not contact you via email, text messaging or your social network, nor does it advertise on websites. Additionally, if an email appears to be from your employer or bank claiming there is an issue that requires you to verify personal information, this is most likely a scam as well. Don’t respond to these types of emails; always contact the entity directly and through familiar channels.
  • Maintain healthy password practices. Cybercriminals will sometimes know old usernames and passwords from websites or systems that were breached and try to use them on other systems; regularly changing your passwords and keeping them unique among systems will make these old passwords useless. Cybercriminals have also developed programs that automate the ability to guess your password; making complex passwords means they are much harder to guess, even for a program.

If you receive a suspicious tax-related email, the IRS encourages you to forward the original suspicious email (with headers or as an attachment) to its email account or to call the IRS at 800-908-4490. If you receive a suspicious email (tax-related or otherwise) in your MSU Denver email account, please forward it to as well.

More information about tax scams is available on the IRS website and in the IRS Dirty Dozen list of tax scams.

Original article by the Center for Internet Security: New year, new you … same W-2 tax scam.

Topics: Cybersecurity, Safety, Technically Speaking

Edit this page