Concerns about tax security are leading experts to encourage Americans to file their personal returns as soon as possible.

According to NBC Nightly News, early submission can help taxpayers thwart the growing faction of cybercriminals seeking to commit tax fraud. Other recommended security measures include using personal identification numbers (PINs) and looking out for fraudulent communications from criminals impersonating the Internal Revenue Service (IRS).

Experts Weigh In on the State of Tax Security

Tax-related scams jumped by as much as 400 percent last year, NBC reported. The IRS warned that rates could be even higher through 2017, especially given that the slew of high-profile attacks over the past year involving sensitive information.

IBM Security Vice President Caleb Barlow told NBC that taxpayers should take proactive steps to stop cybercriminals in their tracks. “One of the big things you can do is file early because once you’ve filed, it’s going to be nearly impossible for them to submit a fraudulent claim,” he said.

Etay Maor, a senior fraud prevention strategist at IBM Security, gave NBC reporters a look at the type of potential tax fraud that takes place on the Dark Web via the firm’s Cyber Command Center. He noted that criminals sell prepared, fraudulent tax documents for between $40 and $60 per record.

“They try to file the tax returns before you so they can collect on your money before you can,” said Maor. To prevent fraudulent claims, NBC reported, individuals should:

  • Establish a six-digit PIN with the IRS to ensure that data is safe and secure.
  • Beware of emails or phone calls from the IRS, since these are almost always fake.

Understanding the Wider Threat

The concept of cybercriminals hijacking tax returns is not new, and the IRS has previously advised the public and businesses of all sizes to implement security measures to combat this type of fraud. However, it’s important to look at this problem in the context of the more than 1,500 data breach incidents that occurred in the U.S. in 2017, according to the Identity Theft Resource Center.

This record total, combined with the growth of Dark Web forums designed specifically for the illegal sale and purchase of sensitive information, should put Americans on high alert this tax season. Watch the full video below for more information.

More from

2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While every zero day is important and organizations should still devote efforts to patching zero days once a patch is released, there are characteristics of certain…

And Stay Out! Blocking Backdoor Break-Ins

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses…

Hack-for-Hire Groups May Be the New Face of Cybercrime

Google’s Threat Analysis Group (TAG) recently released a report about growing hack-for-hire activity. In contrast to Malware-as-a-Service (MaaS), hack-for-hire firms conduct sophisticated, hands-on attacks. They target a wide range of users and exploit known security flaws when executing their campaigns. “We have seen hack-for-hire groups target human rights and political activists, journalists and other high-risk users around the world, putting their privacy, safety and security at risk,” Google TAG says. “They also conduct corporate espionage, handily obscuring their clients’ role.”…