Don’t Let Cybercriminals Steal Your Refund: Tips for Securing Tax Information Online

Spring brings the annual return of tax season, and it’s not just the IRS that’s after your wallet. It’s also a prime opportunity for cybercriminals who are looking for soft targets to defraud.

This article will review the threat landscape surrounding taxes and how you can stay prepared.

Tax Scams

Tax season is a fraudster’s paradise with the U.S. Internal Revenue Service (IRS) reporting  over $2 billion in tax scams every year. With so much money being exchanged, there are countless opportunities for bad actors to impersonate, trick, deceive, or steal hard-earned taxpayer dollars.

Cybercriminals rely on their usual bag of tricks, but with some unique twists:

*Smishing – hoax texts claiming to be from the IRS direct victims to bogus websites that steal personally identifiable information (PII.) Remember: the IRS does not use text messages for tax communication.

*Phony phone calls – thieves impersonating federal or state agents intimidate victims with threats of fines or jail time unless they pay a bogus overdue payment. This scam is common enough that the IRS has its own FAQ on the method.

*Phishing – tax season is prime time for email scams. Unsolicited emails that contain viruses or malware may prompt victims to share personal or financial information.

Staying Secure

There are clear, concrete steps that you can take to remain secure during tax season – and VENZA can help.

1. Invest in security awareness training. The largest vulnerability that most organizations face is their human element. No matter how much you invest in software and IT, at the end of the day, “you can’t patch people.” Shore up your human firewall by building awareness with courses and training tools, like VENZA’s industry-leading PEAK learning paths and data protection resources.

2. Require strong, unique passwords and MFA on all accounts. Your goal should be to create redundant layers of security. Strong passwords and MFA mean that a threat actor will face additional hurdles to access your information, even if they breach one account.

3. Store and share sensitive documents securely. Tax documents are teeming with PII like social security numbers, birth dates, and banking information. Store physical copies in locked areas subject to access restrictions and send documents online using secure file transfer services. Make sure that the recipients of documents are only those with a legitimate need to access and view them, like tax preparers or lawyers. VENZA maintains a Policy Template Library to help our clients quickly and effectively create best practices for email policy, access control, and more.

4. Maintain backups. Protect your organization from ransomware by making electronic copies of key documents and storing them securely. The best practice is to have two backup copies on different types of storage media, with at least one located offsite. The services of a quality MSSP, like CyberTek, can simplify this process.


Feeling overwhelmed? Don’t be. VENZA and CyberTek are here to help. Cybersecurity is complex, but in partnership with us, your company can get started in as little as one month. Get a live demonstration today by contacting our Customer Success team.

Ready to elevate your game? Contact Sales to discuss signing up for our programs or adding new solutions to your contract.


Take VENZA’s free Phishing Test to assess gaps in your human firewall today!

Human Firewall

Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.