The IRS identified $2.3 billion in tax fraud last year, and experts worry that the toll may be even higher this year as many Americans plan to file electronically for the first time.
About 63% of Americans plan to do their taxes online this year, according to McAfee's 2021 Consumer Security Mindset Report. Of those, about 12% will be filing their taxes online for the first time.
Scammers are waiting to take advantage, says Terry Hicks, executive vice president of McAfee's consumer business. "They roll with the times: Right now, a common target is stimulus checks from the federal government," he says.
"As we embrace the convenience of living our lives online, it makes sense to take a few steps to protect ourselves," Hicks says. "It's better to prevent a problem than to be in the position of fixing one."
Here are five ways you can help protect yourself from falling victim to a tax scam this year.
1. File early
If you haven't filed your tax returns already, prioritize getting them in as soon as possible. Every year, the IRS identifies many, many cases of identity theft where fraudsters use stolen personal information, including Social Security numbers, to file a tax return early in the season so they can claim a refund.
Hicks calls this "preventative care." The earlier you file, the less of a chance hackers have to file pretending to be you, he says.
If the IRS flags your tax return as a duplicate or you can't e-file because the system says you already filed, you will likely have to complete and submit the IRS's identity theft affidavit form. The IRS also recommends visiting IdentityTheft.gov to get a personalized recovery plan that includes alerting the credit bureaus, the Federal Trade Commission and even local police.
2. Look, but don't click
One of the more common methods that fraudsters use to get information is email phishing attacks. Typically, hackers send what's called a phishing email, in which they mimic a store, company or friend's email and include a link to a false portal asking for your information.
These emails occur year-round, but efforts usually ramp up around tax season. There's a common scam where fraudsters send an email inviting recipients to click on a link to see their tax return. Be suspicious of any emails that seem unfamiliar, Hicks says. "Don't click on any links or open any attachments," he adds.
It's also worth checking out the sender, even on emails you are familiar with, says Tim Sadler, CEO and co-founder of email security company Tessian. Do the name and email address match up?
"Attackers will frequently take advantage of the fact that mobile email only shows a display name — as opposed to the full email address — and will change the display name to someone that the victim is familiar with," he says.
And remember, the IRS will not email you. The IRS generally only uses snail mail to contact you about problems.
3. Watch URLs closely
Another way scammers can get information is by luring unsuspecting consumers to fake websites that ask them to fill in their personal details. They have become extremely sophisticated about impersonating websites, including do-it-yourself tax sites and tools.
It's important to pay attention to the URL in your browser. Check for misspellings or strange top level domains other than the typical .com or .gov.
"Get in the habit of glancing at the web address when you visit a new page," Hicks says. Instead of clicking on a link in an email or a Google search, type the URL directly into the address bar of your browser.
4. Don't trust IRS calls
One of the most common tax scams is when fraudsters impersonate an IRS agent and threaten potential victims with everything from arrest to deportation if they don't pay a purportedly overdue tax bill. These once again made the IRS' annual list of the "Dirty Dozen" tax scams in 2020, which highlights the most pervasive and harmful types of fraud.
In previous years, fraudsters also spoofed the telephone number of the IRS Taxpayer Advocate Service office to make their calls seem more legitimate. The phony calls showed up as the IRS on caller ID, but they were actually from scammers.
Keep in mind that the IRS will never call or use recorded messages to demand immediate payment using prepaid debit cards, gift cards or wire transfers. If you do owe money, the IRS will generally mail you a bill first.
5. Make your social media profiles private
A newer, and fast-growing, form of fraud is social media attacks, according to McAfee. Fraudsters will log onto social media platforms like Facebook, Instagram and Twitter to find nuggets of information about their potential victims, such as their age, family, location, and likes and dislikes.
Hackers can then use that information to gain access to all types of accounts, including your IRS e-file profile and banking sites, by guessing the answers to simple security questions or even gaining enough data points to impersonate you completely.
To protect against this, make sure that your social media profiles are as private as possible. If you do want to have your profile public, limit the amount of personal details and information you share. If you typically use the name of a pet as part of a password, for example, don't include it in publicly shared information.