Cybersecurity Risks on the Rise This Tax Season
Why Tax Season Is a Goldmine for Cybercriminals
Every spring, millions of people hand over some of their most sensitive data — Social Security numbers, bank account information, income records, and employer details — all in the process of filing taxes. Cybercriminals are aware of this. They plan accordingly. And they rely on the fact that you're distracted, pressed for time, and trusting that the tools and people around you will handle your information responsibly.
Steps for Keeping Your Personal Information Safe While Filing Taxes
Think of your tax return as a blueprint of your entire financial life. It contains your Social Security number, your income sources, your bank routing numbers, and your employer's details. If that blueprint falls into the wrong hands, the damage can follow you for years.
Use only trusted, reputable tax software.
Free or discounted tools from unknown sources are a common trap. Stick to IRS-approved software or well-established platforms. If you're unsure whether a tool is legitimate, check the IRS Free File program directly at irs.gov — don't rely on links sent to you via email. Avoid buying well-known software from shady websites offering deep discounts, as your software could contain malware. Major tax software providers have non-compete agreements with all legitimate resellers. If you are saving more than $10, it’s a warning sign.
Enable multi-factor authentication (MFA) on all your tax-related online accounts.
This includes your tax software login, your IRS account, your bank, and financial accounts — everything. MFA is the most effective way to keep attackers out, even if they manage to get your password. If MFA is available and you haven't turned it on, you're leaving the door open for intruders.
Be cautious of any email you receive.
The IRS does not contact people through email, text, or social media. If you get an urgent message claiming to be from the IRS, your tax software, or your accountant asking you to click a link or send documents — stop. Verify by calling the organization directly using a phone number you find yourself, not one in the message.
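For readers who want to see why a link that mentions irs.gov may lead somewhere else, here is an added example (not part of the original article) that pulls the links out of a message and keeps only those whose real destination is irs.gov over HTTPS. The sample message and its hostnames are constructed, and treating irs.gov as the only official domain is an assumption of this example.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as official is irs.gov,
# the site the article says to visit directly.
OFFICIAL_DOMAIN = "irs.gov"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_official_irs_link(url: str) -> bool:
    """True only if the URL uses HTTPS and its host is irs.gov or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "name@" prefix and the port
    except ValueError:
        return False  # malformed URL
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".").lower()
    # Compare whole labels: "fakeirs.gov" and "irs.gov.example.com" must not match.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def links_to_distrust(message: str) -> list[str]:
    """Return every URL in the message that does not verifiably lead to irs.gov."""
    return [u for u in URL_RE.findall(message) if not is_official_irs_link(u)]


# Constructed sample message; hostnames use reserved example domains.
SAMPLE_MESSAGE = """\
URGENT: your refund is on hold. Confirm your identity within 24 hours:
https://irs.gov.refund-check.example.com/verify
https://www.irs.gov@login.example.net/account
http://www.irs.gov/
https://www.irs.gov/
"""

if __name__ == "__main__":
    for link in links_to_distrust(SAMPLE_MESSAGE):
        print("do not click:", link)
```

A link that passes this check only tells you where it leads, so typing irs.gov into the browser yourself remains the safer habit.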
Tips for Filing Taxes from Home
Filing from your kitchen table seems convenient, but your home network might not be set up for tax-grade security. A few tweaks can make a big difference.
Never file taxes on public Wi-Fi.
Coffee shops, airports, and hotels are all risky environments for transmitting sensitive data. If you're filing remotely, use your home network or a personal mobile hotspot. If you must use a shared network, connect through a VPN first.
Keep your devices updated.
Operating system and browser updates not only add features but also fix security vulnerabilities that attackers actively exploit. Before starting your return, ensure your device is fully up to date.
Work in a private, controlled space.
It seems obvious, but shoulder surfing is real. Whether it's a roommate passing by or a video call left open in the background, ensure your screen isn't visible to anyone who doesn't need to see it.
Store your documents securely—both digitally and physically.
Once your return is filed, your tax documents should be kept either in a password-protected folder (encrypted is better) or in a locked physical file. Leaving PDFs on your desktop or paper files on the counter is an unnecessary risk.
What's the Best Way to Exchange Tax Documents with Your Accountant?
This is where most people unknowingly face their biggest risk. Emailing tax documents — W-2s, 1099s, Social Security numbers — as unprotected attachments is like mailing your financial life on a postcard. Anyone with access to that email chain can read it. Plus, you really don’t know how secure your accountant's email system is.
Use a secure client portal if your accountant offers one.
Most modern accounting firms provide encrypted portals specifically for document sharing. This is the gold standard. Files are encrypted during transmission and when stored, and access is protected with authentication. If your accountant offers this, use it every time. Don’t overlook that big accounting firms’ document-sharing portals can also be targeted in phishing attacks, just like anything else. Always follow up with a phone call to verify authenticity.
Encrypt or password-protect documents before sharing them.
If a secure portal isn't available, at least encrypt or password-protect any sensitive PDF or ZIP file before sending. Share the password separately — via text message or phone call — never in the same email as the file.
Avoid using regular email for anything involving a Social Security number.
Standard email isn't encrypted end-to-end. If you need to send an email, consider services like ProtonMail or ask your accountant if they support encrypted email. Even better, have a direct conversation about how they prefer to receive sensitive documents before tax season starts.
Confirm receipt and ask about their document retention policy.
It's reasonable to ask your accountant how long they keep your documents, how they store them, and what happens to them after your engagement ends. A professional will have clear answers. If they don't, that's worth noting.
Conclusion
Tax season creates a perfect storm: time pressure, large volumes of sensitive data, and a process that most people do once a year and therefore never think through enough. Cybercriminals exploit all three.
You don't need to be a security expert to protect yourself. You just need a few consistent habits — like using verified software, enabling MFA, sharing documents securely, and maintaining a healthy skepticism toward anything that creates artificial urgency. The inconvenience of a secure process is nothing compared to the nightmare of identity theft or a fraudulent return filed in your name.
This year, handle your tax data the same way you'd handle your passport. You wouldn't hand it to a stranger or leave it on a park bench. Use that same instinct for your digital files, and you'll be in much better shape than most people filing this season.
Read More Cybersecurity Tips
Scammers are constantly evolving their tactics. Check out more articles by Stewart CISO Genady Vishnevetsky below.