Online Safety & Security: Cybersecurity Tips for Tax Season and Beyond

Did you know that since 2020, 74% of financial institutions have experienced a rise in cybercrime? 1

The transition to a more digitally remote world has created additional opportunities for cyber criminals hoping to deceive victims into performing tasks such as downloading malicious files, clicking dangerous links and revealing personal information.2

Throughout the year and especially during tax season, it is crucial to keep your personal and financial data safe and secure. With tax deadlines looming, we wanted to remind you that as you work with your respective financial professionals to gather all your financial documents and information, bad actors are also in play to take advantage of this sensitive time frame. There are, however, several best practices and reminders you can keep in your back pocket to help you mitigate your cyber risk. Here are a few considerations to keep in mind:

Know that the IRS will not:

  • Send you an unsolicited email suggesting that you have a refund or that you need to update your account.
  • Call or text you with threats of jail or lawsuits.
  • Request any sensitive information (i.e., your Social Security number) through email or text.
  • Offer a ransom deal to get you out of a penalty that you “owe.”
  • Send threatening emails with subject lines that include Account Closure!, e-Service Account is Blocked, Few Hours to Close Your Account, Your Account is Closed, Your Account is Terminated, 24 hrs to Block Your Account.

Know that the IRS will:

  • Want to be made aware of fraudulent attempts.
    • If you believe you have been sent a scam attempt via email, the IRS has requested that you forward those emails to
    • If you receive a phone call from a scammer claiming to be with the IRS, you can report those IRS-impersonation calls at


  • Avoid acting directly from emails, text or calls from anyone claiming to be the IRS. While your first instinct might be to panic and act, instead, take a moment to pause and think, and visit the IRS website for contact information and guidance.
  • Don’t open attachments in emails unless you know who sent it and what the attachment is.
  • Only engage with encrypted and secure websites – look for addresses starting with “https.”
  • Keep old tax returns and related records under lock and key, or encrypted if electronic.
  • Look into parties that are reaching out to you to find out who you are really dealing with.
  • Review your Social Security Administration records annually.
  • Don’t help identity thieves pose as you by oversharing personal information on social media (i.e., address, vehicle, new purchases like car or home, etc.).
  • Shred documents before trashing.
  • Use security software that updates automatically. Essential tools include firewall, virus/malware protection, and file encryption for sensitive data.
  • Ensure you are running the latest operating system on your personally owned devices.
  • Ensure your computers use up-to-date antivirus and antispyware.
  • Replace default passwords with strong, unique passwords or passphrases, and never use the same password across various login entities.
  • Enable multi-factor authentication for all applications when it is available.
  • Teach children to recognize and report suspicious email messages and html links to an adult (the FBI offers a free education program for children that teaches cyber safety).
  • Consider covering device cameras when they are not in use for school or work.
  • Consider utilizing credit or identity theft monitoring tools to check for fraudulent use of you, your spouse or your child’s identity.


New Ways Our Industry is Seeing Scammers Operate

The following has been sourced and paraphrased from its original publication on Charles Schwab’s website.

Scammers use search engine optimization (SEO) techniques to craft counterfeit websites resembling reputable institutions like financial custodians. These fraudulent sites, designed to appear genuine, can exploit users’ trust in top search results, making them susceptible to phishing attacks. The scam unfolds as follows:

  1. Fraudsters create websites that mimic trusted entities like Schwab, enticing users to click on them.
  2. Once on the fake site, users are prompted to log in with their credentials. Upon doing so, they encounter an error message, instructing them to contact a provided hotline for assistance.
  3. If the user calls the fraudulent number, the scammer, impersonating a Schwab representative, claims a security break and attempts to persuade the client to download the software.
  4. The ultimate aim is to gain access to the user’s device, enabling further fraudulent activities, potentially resulting in unauthorized transactions and identity theft.SEO Scam Example
Sample for illustrative purposes only.

In order to counteract these fraudulent activities, it is recommended that you avoid using search engines like Google, Safari, and Firefox when visiting significant websites with a private login. Instead, you can manually enter the known website address in your browser or save the accurate address of your frequently visited websites in your browser’s bookmarks.

It may seem overwhelming, but these are small, actionable steps that you can take to keep your information protected. Stay smart, remain diligent, and if you have a bad feeling about a particular email or phone call, it never hurts to double check that the request is legitimate. We say it all the time, but during tax season, it especially rings true: better to be safe than sorry.



1 Morgan, Steve. Cybercrime Magazine. 2022 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics (January 19,2022). Retrieved on March 8, 2022 from
2 Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation. Transition to Distance Learning Creates Opportunities for Cyber Actors to Disrupt Instruction and Steal Data (December 15, 2020). Retrieved on March 16, 2021 from

Important Disclosure: This content is for informational purposes only. Opinions expressed herein are subject to change without notice. Beacon Pointe has exercised all reasonable professional care in preparing this information. The information has been obtained from third-party sources we believe to be reliable; however, Beacon Pointe has not independently verified, or attested to, the accuracy or authenticity of the information. Nothing contained herein should be construed or relied upon as investment, legal or tax advice. Only private legal counsel may recommend the application of this general information to any particular situation or prepare an instrument chosen to implement the design discussed herein. An investor should consult with their financial professional before making any investment decisions.

© Beacon Pointe Advisors. All Rights Reserved.


You are now leaving the website of Beacon Pointe Advisors and will be entering the website for Institutional Intelligent Portfolios®, an automated investment management service made available to you exclusively through Beacon Pointe Advisors. Beacon Pointe Advisors is independent of and not owned by, affiliated with, or sponsored or supervised by Schwab. Schwab has no responsibility for the content of Beacon Pointe Advisors' website. This link to the Institutional Intelligent Portfolios website should not be considered to be either a recommendation by SPT, Schwab, or any of their affiliates, or a solicitation of any offer to purchase or sell any security.

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.