Spring quarter is in full swing. What’s next? The deadline to file your taxes. Early April is prime time for criminals that want to commit identity theft and file fraudulent tax returns. They target the time just before and just after most companies release W-2 statements. There are steps you can take that make you less likely to become a victim.

Protect your social security number (SSN) and your personal tax information as though it were cash. If you e-file, the IRS has added safeguards to reduce fraud. If you use a preparer, the IRS has provided them with guidelines to protect your information.

Email is a common method used to commit tax-related fraud. Criminals tend to impersonate the IRS through messages that look official but are actually threatening. The IRS has published simple steps to help protect yourself against phishing and other email scams.

  • Be vigilant and skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, the recipient should approach with caution. Cybercriminals are good at acting like trusted businesses, friends, and family. This even includes the IRS and others in the tax industry.
  • Double check the email address. Thieves may have compromised a friend’s email address. They might also be spoofing the address with a slight change in text. For example, using narne@example.com instead of name@example.com. Merely changing a single letter can trick people.
  • Remember that the IRS won’t spontaneously ask taxpayers for personal or financial information by email. This also includes asking for information via text messages and social media channels. The IRS does not call taxpayers with aggressive threats of lawsuits or arrests. In general, no legitimate business or organization will ask for sensitive financial information by email.
  • Do not click on hyperlinks in suspicious emails. When in doubt, users should not use hyperlinks and instead go directly to the source’s main web page manually.
  • Use security software to protect against malware and viruses found in phishing emails. Some security software can help identify suspicious websites that are used by cybercriminals.
  • Use strong passwords to protect online accounts. Experts recommend using a minimum of ten digits, including letters, numbers and special characters.
  • Use multi-factor authentication when offered. Multi-factor authentication (MFA) means that in addition to entering a username and password, the user must enter a security code. This code is usually sent as a text to the user’s mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely they would also have a victim’s phone.
  • Report phishing scams. Taxpayers can forward suspicious emails to phishing@irs.gov.

Despite best efforts to thwart criminals, you may become the victim of identity theft and tax fraud. If that happens to you, the IRS has published guidance to assist you in overcoming it. The California Attorney General also has helpful information here.

However, the risk of identity theft and tax fraud doesn’t stop after April 18 and will continue throughout the year. If you are the victim of tax fraud or identity theft at any point, please email Emilio Valente, Chief Information Security Officer, at emiliov@ucsb.edu.