Pelosi also said it's "irrelevant" whether approving the USMCA trade deal would give President Donald Trump a victory ahead of the 2020 election.Politicsread more
Brent crude oil jumped the most in history in the previous session after attacks on Saudi's oil industry disrupted the kingdom's production.Marketsread more
General Motors stands to lose hundreds of millions of dollars in lost production as a United Auto Workers union strike against the automaker enters its second day, but Wall...Autosread more
The fallout from two fatal crashes of Boeing 737 Max planes has ensnared the manufacturer's most-loyal customer: Southwest Airlines. The carrier has canceled thousands of...Airlinesread more
Damage to the top OPEC producer's oil facilities ignited fears of supply disruption around the world and has sent crude prices soaring.Energyread more
"It is really a tale of pretty failed governance, almost of the highest order, short of something fraudulent," says the tech investor.Deals and IPOsread more
Private equity firm 3G Capital Partners discloses that it sold 25.1 million shares of Kraft Heinz, bringing its stake down by about 9%.Marketsread more
"That leads the developed world to say to China: 'We've got to rebalance this. It's working for you. It's not working for us,'" says the billionaire Blackstone co-founder.Economyread more
Microsoft founder Bill Gates added $16 billion to his net worth this year, despite giving away over $35 billion to charity, according to Bloomberg.Wealthread more
According to a new report, consumers ages 14 to 24 overwhelmingly prefer physical stores for shopping, largely for mental health reasons.Retailread more
Uber and Lyft drivers are protesting their pay and working conditions. CNBC spoke with the company's drivers about how their financial lives are faring.Personal Financeread more
You receive an email from your tax software provider: "There's been some unusual activity on your account," it reads. "Please click on this link to reset your password."
On the website, you log in, unwittingly providing criminals access to a trove of personal data, including your Social Security number, bank account information, address and salary.
That's because that email and website didn't actually belong to your tax software provider but to a so-called "phisher," who used your log in information to break into your real account. Such attacks are on the rise — recently, the IRS warned of a "phishing epidemic."
Now a new report by Global Cyber Alliance, a cyber-security research firm based in New York and London, found that some of the most popular tax software providers don't use enough email protections to secure communications with customers.
Those include: FreeTaxUSA, TurboTax, H&R Block and TaxAct.
To be sure, the report determined the safety of these providers based on just one criterion — whether or not they use a highly secure method known as DMARC (Domain-based Message Authentication, Reporting & Conformance), which weeds out phony emails from phishers.
FreeTaxUSA and TurboTax have the DMARC protocol in place, but neither are using it to block fake emails, and H&R Block and TaxAct are not using the method at all, the report said.
It found that Liberty Tax was the only one of the top tax software providers (based on a PC Magazine ranking of tax software) that uses DMARC to reject phishing emails.
Almost half of taxpayers who file federal income taxes use tax prep software, according to personal finance website NerdWallet. In 2016, one in 131 emails contained malware, the highest rate in 5 years, according to Symantec, a digital security company.
"One of the best ways to stop phishing is to deploy DMARC," said Philip Reitinger, president and CEO of Global Cyber Alliance.
The tax software companies disagree.
The report's method was narrow and cannot come to a conclusion about a company's security, said Matt Gause, of FreeTaxUSA.
"The Global Cyber Alliance report only tells part of the security story," Gause said, describing the other protective measures it takes.
He said those include DomainKeys Identified Mail or "DKIM," which verifies email senders and Sender Policy Framework or "SPF," which prevents sender address forgery. It's also in the process of updating its DMARC protocol, Gause said.
A spokeswoman for TurboTax echoed that message.
"TurboTax takes the security of our customers and their data seriously," said Lisa Greene-Lewis, senior communications manager at TurboTax. "We leverage DMARC and an array of security protocols and best practices while engaging with our customers."
Tom Collins, vice president of corporate communications at H&R Block, said it takes the protection of emails very seriously.
"We continue to assess the threat and available tools in the ongoing effort to combat phishing attacks," Collins said.
TaxAct did not respond to a request for comment.
Although DMARC is not the only way to block these attacks, it's a very good one, said Giovanni Di Crescenzo, an adjunct professor at the New York University Tandon School of Engineering who researches phishing.
"The number of attacks are rising and consumers should chose the service that provides the highest level of security," Di Crescenzo said.
A quick glance at the email address might have you believe it's legitimate, but if you scroll over it with your mouse, you'll see that the address is completely different — and suspicious.
Same goes for any website an email directs you to: double check the URL and look for any warning signs, for example, the TurboTax website you're looking at is not in fact TurboTax's website.
Another popular phishing method is to get you to click on a link in the email, which then installs malware that could potentially give hackers free reign to your computer.
Try not to click on any links within an email, said Engin Kirda, professor at the College of Computer and Information Science at Northeastern University.
"If you can avoid this, you will be much safer against attacks," Kirda said.
If you have to click: Do it on a smartphone, which are still less targeted by hackers than traditional desktop, he said.
The Global Cyber Alliance recommends never emailing personal or sensitive information.
Your tax software provider typically should only require you to input such data by logging directly into your account.
Install a "Domain Name System" (DNS) security solution that will help to block malicious website links should a phishing email make it to your inbox, says the Global Cyber Alliance.
"DNS is a great way for people to protect themselves," Reitinger said.
Should you suspect you've been attacked, make sure your credit score is protected by freezing it at Equifax, Transunion and Experian.
"This does cost something like $5, but it is totally worth it," Kirda said. "Attackers cannot access it."
You should also change your password immediately.
"Be vigilant," Kirda said. "Always monitor all your bank accounts and credit and contact the authorities as soon as you spot something suspicious."
Phishing is not the only tax scam. People need to be aware of the risks from these fake returns and others schemes, which are increasingly on the rise.