Have you filed your taxes yet? We’re just a little over a month away from April 15th, Tax Day in the U.S. Every year around this time, we see a plethora of stories about how cyber criminals are committing tax refund fraud. These criminals have multiple avenues of attack: they may target Payroll and HR departments to steal W-2s for tax filing fraud or they may send phishing emails for tax refund filing credentials. Either method leads to the same problem for you: compromised sensitive information and a lost tax refund. Imagine having your tax return rejected because one has already been filed in your name!

Password Reuse Can Jeopardize Your Refund and Personal Information

Recently, TurboTax announced that they had detected unauthorized logins to some accounts, which they believe was due to password reuse. Here’s how that works. Say you use the same password for almost all of your online accounts. One day, one of those online service providers suffers a data breach and the hackers get your username (often an email address) and password. Now, they attempt to use the stolen username and password on different websites until they access one or more of your accounts. That’s why using a different password for every website, especially those accounts with sensitive information such as social security numbers, is such a big deal.

Don’t worry, no one expects you to remember all of your different passwords! Use a password manager to help you. If you use Apple products, there’s a built-in password manager called Keychain. If you don’t have Apple devices but use Chrome and have a Google account, you can have the Chrome browser remember your passwords.

TurboTax also offers the additional login step which requires a code as well as your password to login. This will prevent the unauthorized access by someone who obtained your password because the code is unique to every online service provider. No code? No go!

Minimize Your Risk

What else can you do to beat criminals this year? This may be an unpopular suggestion, especially if you suspect you owe taxes, but file your tax return early. Simply beat scammers to it.

Second, if you file your taxes online through a filing service such as TurboTax or H&R Block, login and change your password to something unique or enable the additional login step right away. While you’re in there, double-check your bank routing information to make sure it’s accurate. If a scammer has accessed your account to file taxes, they’ve likely updated the place to send the refund to their own account. Notify your filing service if anything seems amiss.

Finally, be skeptical about online communications about taxes or tax filing. The IRS will not initiate contact with you through email, text message, or social networks. They certainly won’t make threats about owed taxes or attach forms to emails–they will always reference their website: irs.gov. And if your tax filing company sends you an email to log in, don’t use the link in the email. Find their site online through your favorite search engine and then log in to it. If a scammer is impersonating the IRS or your tax filing service, using these tips will help keep your information safe.