GO
Loading...

How to protect yourself when filing taxes online

More than 27 million taxpayers already have filed their taxes for 2013 from home computers, a process known as e-filing. As of this week, that's up 6 percent from 2012.

But the convenience of electronic filing also allows cybercriminals to file fraudulent tax returns—undetected—to the tune of $3.6 billion for tax year 2011, according to the most recent review by the Treasury Inspector General for Tax Administration.

Here's how to protect yourself when electronically filing taxes, according to cybersecurity experts CNBC interviewed.

(Read more: How to defend against identity theft this tax season)

Nick M. Do | E+ | Getty Images

Is that email really from the IRS?

A key strategy for fraudsters is to contact individuals via email, and to pretend to be the Internal Revenue Service, said Roel Schouwenberg, principal security researcher at Kaspersky Lab, which provides Internet security products and services. This is known as phishing. Unsuspecting users then click on links that allow malware to be downloaded on to computers.

Mustafa Rassiwala, a cybersecurity expert, said the suspicious emails can appear like legitimate requests for information.

" 'We have some problems with your account and I need to get access to your Social Security number, and your address' ... a lot of consumers unknowingly hand over this information," said Rassiwala, senior director of product management at cybersecurity company ThreatMetrix, which specializes is user authentication.

To clarify, the IRS will never send you any electronic communication, including emails and text messages, which ask for personal information. The IRS also advises if you get a suspicious email, you should not reply, click on links or open attachments. Instead, report suspicious emails to the IRS by forwarding them to phishing@irs.gov.

(Read more: Identity thieves gear up to steal your tax refund)

Protect your personal information

Beyond diving into suspicious-looking emails, there are additional steps you can take to protect personal information and prevent fraud.

For example, taxpayers should use a different password for tax filing than passwords to access other online accounts, Rassiwala said.

Don't file your taxes at public places including Starbucks. While many cafes offer free Wi-Fi, the connection could be intercepted by cybercriminals, according to Rassiwala. Instead, only file taxes from your home network, said Kaspersky Lab's Schouwenberg.

Also beware of social networking sites, where cybercriminals also lurk. "Now it's all about cybercriminals sitting in the comforts of their home and collecting this information that's freely available on social media sites," Rassiwala said. For example, if a cybercriminal sees children in your profile picture, they know to file for dependents if they're purporting to be you.

(Read more: Dangerous website attacks—and how to avoid them)

Watch out for cyberbreaches

Fraudulent e-filing is part of a broader problem of identity theft, which is growing. According to the Identity Theft Resource Center, more than 624 million records of personal information have been stolen since it began keeping track in 2005. This includes recent, high-profile breaches at Target, Sony and Living Social, an online deal site. Cybercriminals collect personal information—Social Security numbers, addresses and dates of birth—to file fraudulent tax returns.

Compounding the problem of data breaches, the IRS may have trouble authenticating users, Rassiwala said.

But in an email to CNBC, the IRS said processing improvements have been implemented for the current filing season.

The silver lining

E-filing taxes isn't all bad news. Unlike traditional paper filing, cyberthieves can leave behind digital clues for investigators when filing online. Digital records, for example, can telegraph Internet Protocol, or IP, addresses associated with computers and other devices.

Said Rassiwala, "If you have a user who is filing with the home address supposedly based in Florida and your IP address is coming from somewhere outside the United States, especially from countries that have been known to have fraudulent activities in the past, that should raise a red flag."

If you believe you are the victim of identity theft contact the IRS Identity Protection Specialized Unit at 800-908-4490, extension 245.

By CNBC's Jennifer Schlesinger. Follow her on Twitter @jennyanne211

For more CNBC coverage of cybersecurity, visit HackingAmerica.cnbc.com.

Symbol
Price
 
Change
%Change
TGT
---
6758.T
---

Featured

  • CNBC's senior correspondent and lead investigative reporter, Scott Cohn also appears on "NBC Nightly News with Brian Williams," "Today" and on MSNBC.

  • “Squawk on the Street” Co-Anchor

  • CNBC Washington Reporter

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.

Technology

Technology Explained