February 2, 2018 By Mark Samuels 2 min read

Concerns about tax security are leading experts to encourage Americans to file their personal returns as soon as possible.

According to NBC Nightly News, early submission can help taxpayers thwart the growing faction of cybercriminals seeking to commit tax fraud. Other recommended security measures include using personal identification numbers (PINs) and looking out for fraudulent communications from criminals impersonating the Internal Revenue Service (IRS).

Experts Weigh In on the State of Tax Security

Tax-related scams jumped by as much as 400 percent last year, NBC reported. The IRS warned that rates could be even higher through 2017, especially given that the slew of high-profile attacks over the past year involving sensitive information.

IBM Security Vice President Caleb Barlow told NBC that taxpayers should take proactive steps to stop cybercriminals in their tracks. “One of the big things you can do is file early because once you’ve filed, it’s going to be nearly impossible for them to submit a fraudulent claim,” he said.

Etay Maor, a senior fraud prevention strategist at IBM Security, gave NBC reporters a look at the type of potential tax fraud that takes place on the Dark Web via the firm’s Cyber Command Center. He noted that criminals sell prepared, fraudulent tax documents for between $40 and $60 per record.

“They try to file the tax returns before you so they can collect on your money before you can,” said Maor. To prevent fraudulent claims, NBC reported, individuals should:

  • Establish a six-digit PIN with the IRS to ensure that data is safe and secure.
  • Beware of emails or phone calls from the IRS, since these are almost always fake.

Understanding the Wider Threat

The concept of cybercriminals hijacking tax returns is not new, and the IRS has previously advised the public and businesses of all sizes to implement security measures to combat this type of fraud. However, it’s important to look at this problem in the context of the more than 1,500 data breach incidents that occurred in the U.S. in 2017, according to the Identity Theft Resource Center.

This record total, combined with the growth of Dark Web forums designed specifically for the illegal sale and purchase of sensitive information, should put Americans on high alert this tax season. Watch the full video below for more information.

More from

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

What Telegram’s recent policy shift means for cyber crime

4 min read - Since its launch in August 2013, Telegram has become the go-to messaging app for privacy-focused users. To start using the app, users can sign up using either their real phone number or an anonymous number purchased from the Fragment blockchain marketplace. In the case of the latter, Telegram cannot be linked to the user’s real phone number or any other personally identifiable information (PII).Telegram has also long been known for its hands-off moderation policy. The platform explicitly stated in its…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today