You receive an email from your tax software provider: "There's been some unusual activity on your account," it reads. "Please click on this link to reset your password."
On the website, you log in, unwittingly providing criminals access to a trove of personal data, including your Social Security number, bank account information, address and salary.
That's because that email and website didn't actually belong to your tax software provider but to a so-called "phisher," who used your log in information to break into your real account. Such attacks are on the rise — recently, the IRS warned of a "phishing epidemic."
Now a new report by Global Cyber Alliance, a cyber-security research firm based in New York and London, found that some of the most popular tax software providers don't use enough email protections to secure communications with customers.
Those include: FreeTaxUSA, TurboTax, H&R Block and TaxAct.