H&R Block and Turbo Tax are among the least secure, says a new report.

Seven of the top eight tax filing software companies choose not to fully secure their email communication with customers, according to Global Cyber Alliance, a cyber security watchdog group.

Only half are using the bare minimum of identity theft protection, the study says.

GCA’s findings come on the heels of a statement the IRS released urging tax professionals to increase cyber security efforts. The IRS warned to “beware of phishing emails that can secretly download malicious software that can help cybercriminals steal client data.”

Philip Reitinger, GCA’s president and CEO, feels these software companies aren’t heeding the IRS’s warning.

“There appears to be a hole in the protections provided by some of the leading tax software providers,” Reitinger says. “Companies need to provide the maximum protections.”

Only Liberty Tax uses the highest identity theft protection available. The following are the seven other software companies, ranked by the level of cyber security to protect customer email communication.

Use the bare minimum

  • Credit Karma
  • Jackson Hewitt
  • Tax Slayer

Don’t use any

  • Free Tax USA
  • Turbo Tax
  • H&R Block
  • TaxAct

What is tax identity theft?

Identity theft affects over 12 million Americans yearly, according to Debt.com statistics. Tax fraud is just another type.

Cyber criminals obtain personal information and file a fraudulent tax return in your name to steal your refund. Last year $227 million were collected in fraudulent tax returns, costing the U.S. government $46 million in losses, Debt.com previously reported.

In 2016, more than 2,100 identities were stolen every day, adding up to 787,000 cases throughout the whole year. So how do tax criminals get the information?

How tax scammers obtain information

The top ways don’t involve any hacking…

  • Dig through trash to get bills and documents
  • Pose as licensed tax professionals, call and try to fool victims into telling them
  • Send emails to fool people into disclosing personal information

“Consumers are accustomed to inputting the most sensitive and personal information, from Social Security numbers to financial information and health care expenses, into tax preparation software,”  Reitinger says. “The very nature of a consumer’s relationship with a tax provider makes it seem legitimate to receive emails that may ask for additional personal information.”

Despite high numbers of reported tax identity theft cases every year most Americans aren’t concerned over identity theft. More than half (58 percent) of Americans say they don’t worry about tax fraud, says a study from Cyber Scout, an identity theft services company.

“We’ve reached an extreme level of cybercrime where identity theft has become the third certainty in life,” says Adam Levin, founder and chairman of CyberScout. “In tax season, it is crucial that everyone remain vigilant and on high alert to avoid tax-related identity theft or phishing schemes.”

How to protect yourself?

The following are tips recommended by Global Cyber Alliance

  • Double check the sender’s email address. It may look correct, but if you cursor over it with your mouse — you might find a completely different address.
  • Don’t click on embedded links in emails. This can be an email phishing scam. Type the address into your browser’s address bar if you want to visit a site.
  • Don’t email personal or sensitive information. Your tax software provider will always ask you to input the information after securely logging in.
  • Don’t call any customer service phone numbers you see in an email. You can visit your software provider’s official site, login and double check the customer service phone numbers.
free debt analysis call 855-654-9191

Meet the Author

Joe Pye

Joe Pye

Associate editor

Pye is the associate editor of Debt.com.


identity theft, IRS, tax returns, theft

Related Posts

Article last modified on March 20, 2018 Published by Debt.com, LLC . Mobile users may also access the AMP Version: Popular Tax-Filing Software Vulnerable to Fraud - AMP.