Organizers claimed that nearly 2 million Hong Kong protesters took to the streets Sunday in a rally to demand the city's top official resign a day after she suspended — but...China Politicsread more
Heavy rains caused unprecedented delays in planting this year and contributed to record floods across the central United States.Agricultureread more
Although Cook did not mention companies by name, his commencement speech in Silicon Valley's backyard mentioned data breaches, privacy violations, and even made reference to...Technologyread more
U.S. ambassador to Israel David Friedman called the gesture a "birthday present" to Trump, who turned 73 on Friday.Politicsread more
The agreement, which is on the framework for the plan of adjustment, provide for more than a 60% average haircut for all $35 billion, a 36% haircut on pre-2012 general...Bondsread more
In the survey, 66% of Democratic primary voters say they'd be enthusiastic or comfortable about Biden as their nominee to take on President Trump in the 2020 election. Just...Politicsread more
Target's registers were down on Saturday for several hours preventing customers from checking out.Retailread more
The newspaper wrote that Goldman's executive are hoping CEO David Solomon's changes to a firm that historically thrived in investment banking and trading will boost its...US Marketsread more
The Fed is not likely to make a move on interest rates when it meets next week, but it should clear the way for a rate cut later in the summer.Market Insiderread more
Representatives from the Chinese side say they think it likely that Chinese President Xi Jinping will attend the G-20 meeting later this month. But in order to reach a trade...China Economyread more
With uncertainty keeping a lid on U.S. stocks, Ed Clissold of Ned Davis Research says the rest of 2019 is likely to be a "choppy," but somewhat opportunistic, ride for...Futures Nowread more
You receive an email from your tax software provider: "There's been some unusual activity on your account," it reads. "Please click on this link to reset your password."
On the website, you log in, unwittingly providing criminals access to a trove of personal data, including your Social Security number, bank account information, address and salary.
That's because that email and website didn't actually belong to your tax software provider but to a so-called "phisher," who used your log in information to break into your real account. Such attacks are on the rise — recently, the IRS warned of a "phishing epidemic. "
Now a new report by Global Cyber Alliance, a cyber-security research firm based in New York and London, found that some of the most popular tax software providers don't use enough email protections to secure communications with customers.
Those include: FreeTaxUSA, TurboTax, H&R Block and TaxAct.
To be sure, the report determined the safety of these providers based on just one criterion — whether or not they use a highly secure method known as DMARC (Domain-based Message Authentication, Reporting & Conformance), which weeds out phony emails from phishers.
FreeTaxUSA and TurboTax have the DMARC protocol in place, but neither are using it to block fake emails, and H&R Block and TaxAct are not using the method at all, the report said.
It found that Liberty Tax was the only one of the top tax software providers (based on a PC Magazine ranking of tax software) that uses DMARC to reject phishing emails.
Almost half of taxpayers who file federal income taxes use tax prep software, according to personal finance website NerdWallet. In 2016, one in 131 emails contained malware, the highest rate in 5 years, according to Symantec, a digital security company.
"One of the best ways to stop phishing is to deploy DMARC," said Philip Reitinger, president and CEO of Global Cyber Alliance.
The tax software companies disagree.
The report's method was narrow and cannot come to a conclusion about a company's security, said Matt Gause, of FreeTaxUSA.
"The Global Cyber Alliance report only tells part of the security story," Gause said, describing the other protective measures it takes.
He said those include DomainKeys Identified Mail or "DKIM, " which verifies email senders and Sender Policy Framework or "SPF, " which prevents sender address forgery. It's also in the process of updating its DMARC protocol, Gause said.
A spokeswoman for TurboTax echoed that message.
"TurboTax takes the security of our customers and their data seriously," said Lisa Greene-Lewis, senior communications manager at TurboTax. "We leverage DMARC and an array of security protocols and best practices while engaging with our customers."
Tom Collins, vice president of corporate communications at H&R Block, said it takes the protection of emails very seriously.
"We continue to assess the threat and available tools in the ongoing effort to combat phishing attacks," Collins said.
TaxAct did not respond to a request for comment.
Although DMARC is not the only way to block these attacks, it's a very good one, said Giovanni Di Crescenzo, an adjunct professor at the New York University Tandon School of Engineering who researches phishing.
"The number of attacks are rising and consumers should chose the service that provides the highest level of security," Di Crescenzo said.
A quick glance at the email address might have you believe it's legitimate, but if you scroll over it with your mouse, you'll see that the address is completely different — and suspicious.
Same goes for any website an email directs you to: double check the URL and look for any warning signs, for example, the TurboTax website you're looking at is not in fact TurboTax's website.
Another popular phishing method is to get you to click on a link in the email, which then installs malware that could potentially give hackers free reign to your computer.
Try not to click on any links within an email, said Engin Kirda, professor at the College of Computer and Information Science at Northeastern University.
"If you can avoid this, you will be much safer against attacks," Kirda said.
If you have to click: Do it on a smartphone, which are still less targeted by hackers than traditional desktop, he said.
The Global Cyber Alliance recommends never emailing personal or sensitive information.
Your tax software provider typically should only require you to input such data by logging directly into your account.
Install a "Domain Name System" (DNS) security solution that will help to block malicious website links should a phishing email make it to your inbox, says the Global Cyber Alliance.
"DNS is a great way for people to protect themselves," Reitinger said.
Should you suspect you've been attacked, make sure your credit score is protected by freezing it at Equifax, Transunion and Experian.
"This does cost something like $5, but it is totally worth it," Kirda said. "Attackers cannot access it."
You should also change your password immediately.
"Be vigilant," Kirda said. "Always monitor all your bank accounts and credit and contact the authorities as soon as you spot something suspicious."
Phishing is not the only tax scam. People need to be aware of the risks from these fake returns and others schemes, which are increasingly on the rise.