Watch Out for Tax-Related Cyber Attacks as Deadline Approaches

Tax Day is nearly upon us. And as April 15 approaches, many of us may be multi-tasking even more than normal as we prepare our final tax forms and file returns. Unfortunately, this creates a unique opportunity for cyber criminals to try to entice electronic preparers and filers to click on links that look like urgent emails pertaining to income taxes … but are really scams and/or attempts at phishing.

So, be on the lookout for any seemingly urgent emails claiming problems with your tax return, “corrected” tax documents from financial institutions requiring immediate downloads or similar scam email messages.

To lessen the likelihood of falling victim to cyber crime, keep the following points in mind when scanning your email inbox this tax season:

  • The IRS and other legitimate financial institutions DO NOT send or request important information via email or phone calls.
  • Sending tax or other financial information via regular email is NOT considered secure. NOTE: E-file is not email and is thought to be safer than traditional/postal mail.
  • Safeguard your tax and associated financial information by following guidelines specified by the IRS and your CPA.

Action Items

  1. Go directly to the website of the sending entity or call an authorized phone number listed for them to verify the institution’s legitimacy rather than clicking on an email link. These are the safest ways confirm a valid tax-related email requests.
  2. Use a secure (encrypted) portal or message system provided by the sending entity.
  3. If you must send sensitive information via email, be sure to encrypt it. You should provide your public encryption key to the recipient in a SEPARATE message.
  4. Limit the amount of sensitive information you share via email or phone.
  5. Destroy (SHRED) excess or outdated copies of your tax information. Contact your CPA before doing so, to ensure that you don’t prematurely dispose of necessary tax forms.

HBK can assist you with these or cybersecurity topics or questions. Please contact Bill Heaven at 330-758-8613 or

About the Author(s)
Bill Heaven is a Senior Manager in HBK’s Information Technology (IT) Department and works out of the firm’s corporate office in Youngstown, Ohio. He specializes in cyber security, IT security, external IT audit, internal IT audit, IT consulting, software Development, IT governance, PCI-DSS, supply chain, system implementations and e-Commerce and has worked for a wide range of industries, including the Public Accounting field. Bill is a certified public accountant, a certified information system auditor, and a certified supply chain professional. He earned a Bachelor of Business Administration degree in Computer Science from Kent State University. Bill is a member of the American Institute of Certified Public Accountants (AICPA), the Ohio Society of Certified Public Accountants (OSCPA), the Information System Audit and Control Association (ISACA) and the Canfield Chapter of Rotary International.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.