While you may be breathing sighs of relief with the tax day now a week behind us, keep in mind that your tax returns may still return to haunt you.
The time after users file taxes is prime for spammers to send out phishing attacks, pretending to ask users for more information on financial documents or tax data.
“People just have out-of-the-box trust for things that show up in our e-mail inboxes,” said Phillip Soloweszyk, who is the director of identity and Windows consulting services at Dell.
Soloweszyk cautioned that users should remember that neither banks or governments will ever ask users for their passwords by e-mail and that even if a message claiming to be from the bank looks legitimate, users should always delete these e-mails immediately. If you’re worried you may be deleting important information, call your bank or its customer service line to confirm, he said.
People should also be on the lookout for attachments in e-mails, which could infect a computer with malicious software, Soloweszyk said. Users should never open an attachment unless it’s from someone they know, and even then users should be wary of attachments they aren’t expecting. Users can secure their own machines, he said, but they could still be vulnerable to attacks if they open a message from friends or family members who have been hit by an attack.
Looking ahead to next year, Soloweszyk had some tips for Internet users to keep their tax documents secure.
First, be sure to use a new password and username when using a Web-based tax preparer service. Sharing passwords from e-mail, social networks or other online accounts to too much risk particularly since those types of accounts are high-profile targets for hackers.
Tax information puts “so much identifiable information in one place,” Soloweszyk said. “This information should have its own security rather than relying on other potentially insecure accounts.”
He also recommended that if users put their tax documents online, that they use a single service protected by a strong password. Even better, some services offer an extra layer of security by requiring users to enter a second code, often sent to their smartphones, to log in to services, in addition to the usual username and password.
“Centralize in one place and then make sure that one place is as secure as possible,” he advised.
Sign up today to receive #thecircuit, a daily roundup of the latest tech policy news from Washington and how it is shaping business, entertainment and science.