Risk
4/23/2009
04:40 AM
50%
50%

10 After-Tax-Filing Security Tips

Filing your taxes isn't the end of the story. You've also got to be sure that you the electronic information you submit doesn't fall prey to identity theft. Think it can't happen to you? Tell that to the 10 million Americans who had their identity stolen last year.

Filing your taxes isn't the end of the story. You've also got to be sure that you the electronic information you submit doesn't fall prey to identity theft. Think it can't happen to you? Tell that to the 10 million Americans who had their identity stolen last year.Identity thieves seek a combination of personal information to do their damage to your credit rating, which for a small business owner could damage not just personal finances, but also business solvency. Unfortunately, electronic tax documents are rich hunting grounds for identity thieves according to Todd Feinman, the CEO of Identity Finder, a security and privacy software vendor. "Stored tax documents are a gold mine for hackers because a tax return contains at least one person's social security number and a tremendous amount of other relevant, personal information," he says. "Once thieves get an SSN, they can potentially wreak havoc on a victim's credit."

Because they contain such sensitive data, it's crucial to take extra measures to keep your electronic tax information safe. Feinman suggests these 10 steps:

  1. When storing a copy of your tax return on your computer, make sure you secure it with a password so that your SSN cannot be read if the file is lost.
  2. Securely delete all electronic, financial documents used to prepare your tax returns so any personal information is safe.
  3. Ignore all refund/rebate/warning e-mails claiming to come from the IRS and never click on links within those e-mails because it is most likely a phishing attack.
  4. Do not provide personal information to anyone calling you claiming to be from the IRS; the IRS already has your information and it's likely to be an identity thief calling you.
  5. Check your credit report with one of the three credit bureaus free every four months at www.annualcreditreport.com to make sure your identity hasn't already been stolen.
  6. Install the latest updates to your operating system so known Windows or Mac vulnerabilities can't be exploited by hackers.
  7. Don't save your password in your Web browser when accessing banks and other institutions that keep your personal information because it could be leaked if you ever get a virus, Trojan, or are hacked.
  8. If you provided your bank account and routing information to the IRS for payment or refunds, check your bank accounts to ensure the proper transfer occurred.
  9. Visit your bank account online and set up alerts on your accounts to monitor when high amounts of cash are withdrawn.
  10. Make sure you do not receive incorrect payment liability or refund information; a thief could have filed a tax return on your behalf fraudulently. If you suspect tax preparation fraud, call the State Tax Department toll-free at 1-888-675-9437.

bMighty bSecure is a virtual event designed to help your company stay secure in the most cost-effective way possible. bMighty and InformationWeek editors will bring together SMB security consultants, analysts, and other experts, along with real IT execs and users from small and midsize companies to share the secrets of keeping your company secure without breaking the bank.
REGISTER NOW!

Don't Miss:

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2014-9713
Published: 2015-04-01
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

CVE-2015-0259
Published: 2015-04-01
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.