In its second annual Tax Season Risk Report, CyberScout, the a data security and identity theft protection firm, reported on taxpayer attitudes about identity theft and saw a pattern of poor practices that leave much of the public vulnerable.

While the IRS is taking steps that have reduced tax identity theft, taxpayers must still take ownership to protect their filings as the risks remain high.

Survey highlights:

  • Most Americans (58 percent) are not worried about tax fraud in spite of federal reports of 787,000 confirmed identity theft returns in 2016, totaling more than $4 billion in potential fraud.
  • Only 35 percent of taxpayers demand that their preparers use two-factor authentication, which is far more secure than a single password, to protect their clients’ personal information.
  • Less than a fifth (18 percent) use an encrypted USB drive, a secure way to save important documents like tax worksheets, W-2’s, 1099’s or 1040’s. Another 38 percent either store tax documents on their computer’s hard drive or in the cloud, approaches that are susceptible to a variety of hacks.
  • More than half (57 percent) of consumers will file in March, April or later, giving tax fraudsters time to impersonate them online and steal their refunds.
  • The majority (51 percent) of taxpayers who expect a refund check in the mail have not taken precautions such as a locked mailbox, putting their check at risk of theft.
  • Half of all taxpayers (50 percent) who use a tax service weren’t sure how to evaluate them, chose someone online or didn’t screen them beforehand, leaving the taxpayer vulnerable to scams.

“We’ve reached an extreme level of cybercrime where identity theft has become the third certainty in life. In tax season, it is crucial that everyone remain vigilant and on high alert to avoid tax related identity theft or phishing schemes,” said Adam Levin, founder and chairman of CyberScout and author of Swiped.

Tax season is one of the most common times for identity fraud to take place, making it even more important for consumers to take the proper safety measures. Having a password protected Wi-Fi connection, a protected mailbox for a physical tax return to be sent, two-factor authentication for tax preparation services and an encrypted USB drive for sensitive tax documents are four of the most basic ways to protect oneself. Taxpayers are confronted with a variety of scams and should use the following techniques to protect themselves:

  • Always use long and strong passwords.
  • Never authenticate yourself to anyone who contacts you online or by phone, since the IRS will never contact you by those methods.
  • Use direct deposit of refunds into your bank account or a locking mailbox for mailed refunds.
  • Monitor and protect your accounts and elements of your personal identity online and in social media. It’s easy for hackers to figure out answers to security questions from social media.

“In order to reduce the risk of becoming a tax identity theft victim, consumers need to follow the 3Ms: Minimize their risk of exposure, Monitor your accounts and your personal identity, and know how to Manage the damage,” noted Levin. “If the worst happens, victims of identity theft should turn to organizations they trust, including their insurance provider, financial services institution, or the HR department of their employer, who offer low-cost or free cyber protection services to protect and restore stolen identities.”

Consumers and tax preparers can protect themselves by visiting the federal web site on tax scam alerts to find out about the current scams and cyber-attacks.