How to Defend Against Identity Theft This Tax Season
Technology Editor, CNBC.com
Tax season is a busy time for cybercriminals.
During the first nine months of 2012 there was a 62 percent increase in the number of identity theft cases detected by the IRS.
(Read More: 10 Ways Companies Get Hacked )
Cybercriminals are prowling the web for ways to access people's personal information so they can cash in on their identity. The hackers have various ways of stealing taxpayers identity, including the use of social media and malicious websites to lure and harm taxpayers.
One reason cyberattacks increase around tax season is because the same cybercriminals are also taxpayers, said Dmitry Bestuzhev, head of Latin American global research and analysis at the computer security company Kaspersky Lab.
(Read More: Some Victims of Online Hacking Edge Into the Light)
"They know when tax season is and how the taxes are paid. They understand the worries and attitudes of the taxpayers in terms of the tax submissions and so on. So in turn, they just take advantage of the situation," Bestuzhev said. "Having background knowledge that people are expecting to get messages from IRS or other agencies, it makes it much easier to pitch the victims than in any other season."
However, there are precautions taxpayers can take to prevent their financial or personal information from being stolen.
(Read More: The White House Gets Friendly With Hackers)
Here are nine tips from Kaspersky Lab for keeping your data safe this tax season.
1. Check Electronic Filing Service
Make sure that the electronic filing service you are using is registered on the IRS website.
2. Check Social Media Accounts
It's important to monitor your social media presence and make sure that there are no accounts created in your name. You can Google your name to check for any Facebook or LinkedIn accounts that you may not have created.
"On occasion social networks are being abused to distribute targeted taxpayers malware, especially Facebook and Twitter," Bestuzhev said.
3. Beware of Facebook Scam Messages
One way cybercriminals are targeting taxpayers is through the Facebook newsfeed, according to Kaspersky. People should not click on tax related messages in their feed because it could direct users to a phishing website.
Bestuzhev said that in the first stage of a social media identity hack, at least one social network account is compromised, then the cybercriminal uses the victim's name to mass message all of their contacts.
(Read More: US Is Developing Aggressive Penalties for Cybertheft)
"It gets sent to all contacts of the victim with a high amount of social engineering content. The content of the message could be anything, for example "I deducted my taxes. See how I did it" or something like "See how I got back my 1k from taxes," Bestuzhev said.
"Once a friend of the initial victims clicks the link, they also get infected and a new wave of malicious messages are sent to their friends. It's like a pyramid."
4. Boost Your Overall Cybersecurity
One of the primary ways to help protect is by keeping antivirus and anti-spam software up to date. All software security patches should be updated, as well.
Strong passwords are also key to making sure your information is safe. Be sure to create a password for your online tax return that includes letters, numbers and other characters, like punctuation marks.
5. Don't Email the IRS
Email is the most popular way hackers are targeting taxpayers, Bestuzhev said.
"The first step is by sending massive fraud emails to the potential victims. With their machines now infected, the cybercriminals will extract stored information from the victim's hard drive, as well as any 'on-the-fly'information, such as information that is being typed in to the computer or Internet in real time," he said.
So if you get an email from the IRS, do not respond, Kaspersky researchers warn, because the agency does not send email to contact taxpayers.
Bestuzhev said you can report a suspicious malicious email on the IRS website.
6. Don't Download Tax Related Documents
Steer clear of downloading any documents or clicking on any links in tax-related emails.
Malware can infect your computer by clicking on one bad link or download. The malware can gather information about you and send it back to the cybercriminals that planted it in the email.
"All a cybercriminal needs is to first infect the victim's machine. Generally, the malware used to infect a machine is called a 'Trojan-Spy.' It means it can steal just about any information and is not limited to online banking credentials, but any information including the information saved on the local hard drive such as scanned documents, passports, social security cards and so on," Bestushev said. "The Trojan searches for any valuable information in the local system and then sends it back to the criminal."
The same malware can also intercept any online transactions, such as when you enter your social security number, pin or password. The stolen information is then sent to the black-market where it is sold to the highest bidder, Bestuzhev said.
7. Watch Your Search
If you are searching for a tax document, don't use a web browser. Instead go to the IRS website or other official government websites to find the document you need.
Cybercriminals can optimize a malicious site that targets people searching for tax-related materials. If you search for a tax document in a web browser, you are leaving yourself open to being lured to a site that could steal personal information.
8. Don't Save Tax Docs on Hard Drive
Chances are after you file your taxes online you will be given the option to save your tax documents to your computer. Don't do it.
Instead, Kaspersky researchers recommend storing tax documents on a flash drive or burning the data to a CD and then store it in a secure place.
9. Choose Your Computer Carefully
Don't use a public or unprotected computer to file your taxes. There is no way to know if its been infected with spyware or other harmful software that can save and steal your personal information. Use your own personal computer and make sure the security software is current.