CNET también está disponible en español.

Ir a español

Don't show this again


Anti-fraud tips and tools for tax season

The IRS and others offer suggestions for keeping your computers free from malware and your data safe during tax-filing season.

This screenshot shows a tax season phishing e-mail that looks like it comes from the IRS but which leads to a site with data-stealing malware. Proofpoint

As April 15 approaches, U.S. citizens preparing to file their taxes are susceptible to online scams designed to steal their personal information and, ultimately, their money. Here is a roundup of tips for how people can protect themselves.

First off, the Internal Revenue Service does not initiate taxpayer communications through e-mail, and the agency does not request details on personal information via e-mail. The IRS has detailed information on how to report and identify phishing and e-mail scams and bogus IRS Web sites here. More information about specific tax fraud schemes is here.

Microsoft's Security Tips & Talk blog recommends that people filing taxes online should learn to recognize the official IRS Web site. In addition, people should make sure that the Web address of the site they are filing on is secure and begins with "https," the secure version of the Hypertext Transfer Protocol, and that there is a locked padlock icon at the bottom of the screen, the blog post says.

Tax-related phishing attacks have been going on for a few weeks, at least, according to Proofpoint. One particularly pernicious one arrives in e-mail in-boxes with a subject line of "Notice of Underreported Income" and asks recipients to review their tax information with a link to a site that is represented as an IRS site. Instead, according to this Proofpoint blog item, the link leads to a fake IRS page with an executable that installs the data-stealing Zeus Trojan.

Proofpoint's tips: Be suspicious of any e-mail requests for personal IDs, financial information, user names or passwords; don't fill out forms in an e-mail; don't click on links in e-mails that are unsolicited or suspicious; and type the legitimate URL for the organization in a new browser window or call the company directly.

SonicWall predicts that more than 100 million IRS-related phishing e-mails will be sent to tax payers in the days leading up to and after the April 15 tax-filing deadline. But not all tax-related e-mails will be scams, the company said.

"Myriad legitimate online filing services, online consultants who answer tax-related questions, and online tax calculators currently exist," SonicWall said in a statement.

"For example, if you file your taxes with an online tax preparation service, you are likely to get legitimate e-mail from them and the bank, which acts as the transfer agent for the transaction for the IRS," the company said. "Phishers use this opportunity to prey on taxpayers who are filing their tax refund--asking them for bank card information to deposit the refund and a Social Security number so they can verify a taxpayer's identity. Be wary of these types of inquiries."

SonicWall's tips include visiting the tax preparer's Web site or calling the company to check up on the status of the filing and being wary of offers that allow people to get loans on their income tax refund, many of which are scams.

Meanwhile, AVG Technologies has partnered with to offer AVG's free security software along with tax-filing tips for people preparing to file taxes electronically. The AVG software can be used to scan Web sites to make sure they are safe and to check for malware on the taxpayer's computer.