Tax season has long been an unavoidable rite of spring. Every year, April 15 looms. But this year is different, due to the novel coronavirus pandemic. And while the tax deadline has been moved back to July, there’s something that’s always important to focus on: keeping your identity secure.

Just how bad is it out there? According to a “2019 Internet Security Threat Report” by Symantec, cybercriminals are getting more wily in their attempts to steal your personal information, using methods like supply chain attacks and malicious email attachments through files. In 2018, the Federal Trade Commission (FTC) says it processed 1.4 million fraud reports totaling $1.48 billion in losses.

Some of the most common methods of identity theft might surprise you: According to NBC News, those preapproved credit cards that haven’t been shredded, spam emails sitting in your inbox, and tempting tax refund emails top the list of ways to steal your information.

Fortunately, there are ways to help you identify scams and protect yourself from becoming a victim of tax fraud.

Learn to spot schemes 

Today, the phishing schemes are far more sophisticated than the days of a catfish boldly asking you to send them money via a bank transfer. Fraudsters know what your financial institution’s email newsletter looks like and can mimic it; they can even code the email to actually look like an official email account. If you’ve ever used an online software system to file your own taxes, you’ll start getting emails from them, prompting you to log in, reconnect and start anew. But as legitimate businesses increase emails to consumers, so will illegitimate scammers.

“There’s no perfect way to tell if any email related to your taxes is a trap,” says Sean Murphy, chief information security officer (CISO) at BECU. “The best advice is to just not click the links. Go directly to the source’s website to verify and obtain the information. And, remember that the IRS does not use unsolicited emails, text messages or any social media to discuss your personal tax issues.”

Become more like Mr. Robot

The show about the paranoid hacker could teach the rest of us a few lessons: healthy paranoia pertaining to your private information, especially in a public space, is a good thing. Public Wi-Fi is just that — public. This means that any experienced hacker can ride your digital coattails and see where you’re going. “Avoid logging in to any online banking or financial accounts unless you have access to a virtual private network (VPN) application,” says Murphy.

Likewise, online shopping sprees in the open, public view are probably not a wise idea, as cyber thieves also snoop for your credit card info. “People can look to view the information you are putting into the system and copy data like your bank card information, Social Security number (SSN), passwords, and more depending on what details you are sharing,” says Murphy.

Recognize scam calls and emails

Just when you thought you had gotten rid of unsolicited phone calls (gone with the wind, just like most landlines) robocalling, a new nuisance, has proliferated in recent years. If you get a threatening call or letter purporting to be from the IRS, beware, especially if they have case numbers or phone numbers to call. “The IRS has been very public about never contacting you this way or for these reasons. You should hang up and call the IRS directly using the correct phone number listed on the website,” explains Murphy. Suspicious emails and phone calls should be handled like spoiled food: if in doubt, throw it out.

Protect your data

Two-step or multifactor authentication is admittedly a little annoying, but it will keep hackers out of your bank account(s). Once you set it up, any time you attempt to log in, you will get a code sent to your phone number to verify your information.

Another tool to guard with your life: the six-digit code, otherwise known as an Identity Protection Pin (IP PIN), given to you by the IRS. Only share it with your verified tax preparer. “You being the only one who knows the PIN is what makes it useful,” says Murphy.

For keeping track of your passwords, sign-up with a password-management service. These services use one master password and will generate new, safer passwords for all of your accounts. The apps will sync and save between computers and phones so you don’t have to remember any of them, except the master password. And that’s going to stay inside your brain like a steel trap.


What if you did all the right things and still suffered a privacy breach? Never fear. Contact the business that was hacked ASAP and they will likely reverse the charges. BECU members, for instance, can contact or 800-233-2328. In many cases, charges can be reversed or accounts can be protected from additional threats.

Something to keep in mind for next year

If you’ve already filed your taxes this year, great! The early bird gets the worm – and has a better chance of heading off a fraudulent tax return.

“File your return as early as possible to help reduce your risk of being impacted by tax fraud or identity theft,” says Murphy. “The IRS only allows one tax return per SSN each year, so it’s beneficial if you are able to file your return in your name before a fraudster does.”

If your usual routine is to wait until the last minute to file, this may be the nudge you need to get an earlier start next year. It’ll be easier to face the new timeline with all the security savvy you’ve built up this year.

As a member-owned credit union, BECU is focused on helping increase the financial health of its members and communities through better rates, fewer fees, community partnerships and financial education. BECU is federally insured by NCUA.

Editor’s note: This article has been updated to include changes to the tax deadline. (3/30/2020)