While it may be a relief to some that the IRS has extended the deadline for filing tax returns to July 15, the decision has prolonged the timeframe that individuals and businesses are susceptible to tax season-related cybercrime. From now until tax season comes to a close, cybercriminals will be on the prowl for tax-related identify theft. Tax season is primetime for scammers and other malicious actors who want to take advantage. The 2017 Identity Fraud Study revealed that the identity fraud incidence rate increased by sixteen percent, a record high since Javelin Strategy & Research began tracking identity fraud in 2003. Hackers are devious and constantly looking for ways to filch your personal information.

Cybersecurity experts warn that small and medium businesses, including sole proprietors, are highly targeted for tax season cybercrime. The IRS provides taxpayers with guidance on ways to protect their financial data online. The IRS published its Identity Theft Central page, an exceptional resource to help individuals, qualified tax professionals and organizations to achieve security. Lucky for you, we put together some tips to make sure you avoid tax season scams.

Security Tips to Keep in Mind During Tax Season

  1. Do Not Click on Suspicious Links

This is a required security practice for anyone seeking to prevent the next cyberattack or data breach. Individuals can prevent malware and phishing attacks by not clicking on any link or opening any file attachment on an unsolicited email. A common scenario is when hackers send fake emails, purportedly from your boss, demanding all employee W-2 data, from HR and accounting. It often requires the target to click on a malicious link. Remember not to fall for it, but instead contact your HR department directly to solve the issue.

  1. Do not open attachments from questionable email accounts

It is crucial you never open attachments from questionable email accounts. Phishing attacks occur when cybercriminals use fake emails and websites to steal personal data. The IRS normally does not email individuals to ask for personal information. Instead of replying to an email supposedly from the IRS, verify your sources and call the agency. A representative will authenticate whether or not the IRS is attempting to reach out to you.

  1. Make sure your passwords are strong

Always use strong passwords. Don’t forget this rule of thumb and it’s a very important one: never share your passwords with anyone. Your passwords should be difficult to recreate. If your passwords are too short or effortless to guess, you are pretty much giving your information to hackers. Longer passwords and those that merge capital with lowercase letters, and numbers and symbols offer a higher security level.

  1. Protect your computer

Apply anti-malware, antivirus software, and other tools to uncover and filter out risks. These solutions won’t cover everything, but they can help detect and block many tax breaches. Update your software on all devices, including security software and operating systems. With up-to-date software you will have defenses against the latest and emerging threats that malicious actors use to steal login information.

  1. Never Use Online Banking or Sensitive Transactions Over Public Networks

A big mistake a number of people fail to avoid is processing private, sensitive information over public networks. It may be more convenient to connect to the Internet using free public Wi-Fi, but don’t handle sensitive, confidential or proprietary business on those networks. Networks that are shared publicly leave your data and traffic open to exploits, disruption or worse. Public wireless networks are not safe. Hackers can divert internet connections while you are working with personal information on public Wi-Fi.

  1. Do Not Open Emails From IRS Regarding Credit Card Info

This is probably the number one reminder for tax season warnings. Understand that the IRS will not get in touch with you by email to let you know that you have a higher return or that you owe more money. This knowledge will enable you to disregard all scam emails sent your way. Failure to dismiss this one important sign will definitely not safeguard you from tax season internet fraud. Even if you owe more money, the IRS will never ask you to give your sensitive, financial information over the phone or email.

  1. Train your staff about tax season tips and tricks

It is important that companies create a culture where people are informed and protected against cyber threats. Organizations training their staff on cybersecurity should teach them how to report suspicious activity without fear. Provide training on common threats, including malware, phishing and ransomware. Give them real life scenarios, e.g., with Dictionary and Brute Force attacks, so they will be more likely to set strong passwords. Some tips to share to employees include:

  • Using digital signatures when electronically sending W2s and 1099s
  • Looking out for the W9 scams

How ThreatModeler Can Protect Your Tax Information

Key hacks where tax information has been stolen have happened so many times during tax season, it’s impossible to ignore. Businesses that process the private data of employees and customers must be proactive before, during and post tax season. ThreatModeler’s security experts advise that in the event of a breach, companies must notify the IRS and warn all parties implicated.

ThreatModeler is a groundbreaking platform that can help organizations to instinctively scale security across their entire IT ecosystem. Through ThreatModeler’s integration with leading cloud provider AWS, and its cloud-ready content library, DevSecOps teams can detect, identify and predict threats before they happen in order to manage risk. From system, to web, to mobile to IoT-embedded devices, ThreatModeler helps enterprises to inventory all the threats to determine how best to prevent them.

ThreatModeler also provides reporting to conduct a holistic risk analysis, which paints a clear picture of the different components, data flow and threats tied to them. To learn more about how ThreatModeler™ can help your organization build a scalable threat modeling process, book a demo to speak to a ThreatModeler expert today.




ThreatModeler revolutionizes threat modeling during the design phase by automatically analyzing potential attack surfaces. Harness our patented functionalities to make critical architectural decisions and fortify your security posture.

Learn more >


Threat modeling remains essential even after deploying workloads, given the constantly evolving landscape of cloud development and digital transformation. CloudModeler not only connects to your live cloud environment but also accurately represents the current state, enabling precise modeling of your future state

Learn more >


DevOps Engineers can reclaim a full (security-driven) sprint with IAC-Assist, which streamlines the implementation of vital security policies by automatically generating threat models through its intuitive designer.

Learn more >