Everywhere you turn, there are bad actors trying to steal your online data. If you’re anything like me, you get a lot of messages trying to lure you into providing private data. How can you trust that your online tax preparer isn’t doing the same thing, or that someone isn’t acting like a person you trust?
Are you being asked to provide information in a different way than usual?
If you’ve always used a client portal to provide information to your preparer and someone calls you and says “Quick, I need your social security number in order to file your return” – odds are you already provided that information and don’t need to provide it again. When in doubt, stick to methods you’ve used before. Or call your preparer at the number you know to be true (rather than what you see on someone’s Caller ID) to make sure you’re getting to the right person.
Also note that e-mail is not generally considered a secure method of communication. If you e-mail your W-2 to your preparer, it’s passing through many servers on the way, all of which will be able to see the information on there (including your Social Security Number, Name, Address, Employer, and Salary information). It’s generally going to be safer to upload it through a client portal (as long as you trust it’s the correct portal) or even fax is better than e-mail, as it will generally go directly from your system to the recipient’s system.
Are you being asked to provide information in a hurry?
Sure, tax season can be stressful. And when you’re working on a deadline, things can happen fast. Bad actors often rely on urgency as a tactic to make you act before thinking. Almost everything can wait at least some amount of time – if you’re getting close to the filing deadline, an extension can be requested to extend the amount of time you have to file. If something seems odd, it probably is – trust your instincts.
are you being asked for gift cards?
Let me be very clear here: The IRS does not accept gift cards as payment for your taxes (although prepaid debit cards are another story). The IRS will not call you and say “We need you to clear this up right now, please buy some gift cards and read us the numbers over the phone”. If this happens, hang up and call the police – this is a scam.
As part of filing your return, you can optionally provide your bank account information and the IRS will directly debit the amount on a date of your choosing. If you choose not to do that, the IRS provides many convenient payment methods – including cash (learn more about the options here: Payments | Internal Revenue Service (irs.gov). In general, you won’t be paying your tax due to your tax preparer – you should remit that directly to the IRS, and pay your preparer for the work they have done in preparing and filing your return.
Did you receive a letter and aren’t sure it came from the IRS?
You have some options here.
First, you can check your online transcript through the IRS website: Get your tax records and transcripts | Internal Revenue Service (irs.gov). There is no cost for this service – you sign up online and receive immediate access.
Second, if you work with an Enrolled Agent (EA) or Certified Public Accountant (CPA), you can sign a Power of Attorney form and allow them to pull your transcripts on your behalf. With the correct form, you can allow them to contact the IRS on your behalf if needed. We offer a free discovery call to take a look at any letter you may receive and offer up solutions – visit our Contact Us page to schedule one today!
Finally, you can call the IRS yourself. You’ll find all of the information you need here: Let us help you | Internal Revenue Service (irs.gov)
How can I stay safe online?
- Make sure websites you visit where you’re providing sensitive data have the lock on the address bar and start with “https://” – this ensures you have security between your machine and the website, making it less likely that a bad actor will be watching your data in transit.
- When popup windows start asking for more information, close them and shut down your browser. Don’t download anything without knowing what it is and why you’re downloading it.
- Ensure you have appropriate security software on your computer. Windows Defender is a great option for this, and is included with Windows. There are additional tools to help prevent malware like Malwarebytes.
- Don’t share sensitive data when connected to unsecured WiFi Access Points. If you didn’t have to enter a password to connect, assume it isn’t secure. If you did have to enter a password, ensure you trust whomever is running it. When in doubt, utilize a cell phone hotspot, or wait until you return to a known WiFi network to share sensitive data.
- Use strong passwords on all websites, and don’t reuse passwords. Consider a password manager, such as 1Password.
- Use Multi-Factor Authentication whenever possible.
Hopefully these ideas will help you stay safe online! When in doubt, trust your instincts, and verify the person is who they say they are before sharing personal information with them.
