Cybersecurity Tips from the IRS
The holidays are also the prime season for criminals shopping for credit card numbers, financial account information, Social Security numbers and other sensitive data. Cybercriminals seek to turn stolen data into quick cash, either by draining financial accounts, charging credit cards, creating new credit accounts or using stolen identities to file a fraudulent tax return for a refund.
In addition to its specific recommendations for online security, the IRS says people can take a couple of additional steps several times a year to make sure they have not become an identity theft victim.
One is to receive a yearly free credit report from each of the three major credit bureaus, and check it for any unfamiliar credit changes.
Another is to create a “My Social Security” account online with the Social Security Administration on which users can see how much income is attributed to their SSN. This can help determine whether someone else is using the SSN for employment purposes.
Following are the IRS’s seven steps to help with online safety and protect tax returns and refunds in 2018.
- Shop at Familiar Online Retailers
The IRS notes that sites using the “s” designation in “https” at the start of the URL are generally secure. Users should look for the “lock” icon in the browser’s URL bar. This is not 100% accurate as some criminals can obtain a security certificate, so the “s” may not always vouch for the site’s legitimacy.
- Avoid Unprotected Wi-Fi
Unprotected public Wi-Fi hotspots may allow thieves to view transactions. Do not to engage in online financial transactions if you are using unprotected public Wi-Fi. Also be aware of purchases at unfamiliar sites or clicking on links from pop-up ads.
- Learn to Recognize and Avoid Phishing Emails
These emails pose as a trusted source, such as financial institutions or the IRS, and may suggest that a password is expiring or an account update is needed. The criminal’s goal is to entice users to open a link or attachment. If you aren’t expecting an email from a specific company, then it probably is not real. You can always call the company in question to verify.
- The link may take users to a fake website that will steal usernames and passwords
- An attachment may download malware that tracks keystrokes
- Keep Computers, Phones and Tablets Clean
Using security software to protect against malware that may steal data and viruses that could damage files is a must. The software should be set to update automatically so that it always has the latest security defenses. As well, firewalls and browser defenses should always be active. “Free” security scans or pop-up advertisements for security software are to be avoided.
- Use Strong, Long and Unique Passwords
According to the IRS, experts suggest a minimum of 12-character passwords, but says “longer is better.” It says longer phrases are better than a specific word, and recommends the use of a combination of letters, numbers and special characters. Each account should have its own password. A password manager can help keep track of multiples ones.
The National Institute of Standards and Technology recommends that users create simple — but still long — passwords that are easy to remember.
- Use Multi-Factor Authentication
Some financial institutions, email providers and social media sites allow users to set accounts for multi-factor authentication. This means users may need a security code, which is usually sent as a text to a mobile phone, in addition to usernames and passwords. Some financial institutions will also bolster protection by sending email or text alerts when a withdrawal or change to the account takes place.
- Encrypt and Password-Protect Sensitive Data
Anyone keeping financial records, tax returns or any personally identifiable information on a computer should encrypt and protect these data with a strong password, see above. You should also back up important data to an external source, such as an external hard drive. When it is time to dispose of a computer, a mobile phone or a tablet, it’s important to wipe the hard drive of all information before trashing.
Its very important to protect yourself, especially this time of year. Doing so will make sure your holiday season is more enjoyable.