There’s more to think about this tax season than simply filing by April 18. Just ask the CEO of Sunrun.

Earlier this year, a hacker posed as the head of the residential solar company to request W-2 tax form data from the payroll department. And since it was nearing tax season, it seemed legitimate. Sensitive data on than 3,400 employees was exposed before the email was recognized as a cyber scam.[1]

The cybercriminal can sell this stolen W-2 tax form data the on the dark web for the Bitcoin equivalent of about $4 to $20 each. The higher the salary, the more the W-2 data is valued.

Unfortunately, this kind of targeted cyber-attack is common. It’s a more directed form of phishing called spear-phishing. Phishing is the use of “bait” to trick a victim into giving up information. In a spear-phishing attack, the “bait” is a carefully written, detailed email that looks like it’s really from a trustworthy source. But the only thing that’s real about it is the damage it can cause.

Cyber-attacks are becoming especially common when we’re preparing to file our taxes. According to the Internal Revenue Service, tax refund fraud hit approximately $21 billion in 2016. Compare that to just four years ago, when it reached $6.5 billion.[2]

Here are three things you can do to protect yourself and your organization from becoming a cyber statistic during tax season.

Show up early.

Don’t wait until your company is in trouble to safeguard your sensitive data. Your first year-round defense against hackers is an access rights assessment by a reputable cyber security company. An access rights assessment identifies users who have unnecessary rights to your system or who haven’t logged on in a while. This way, you’ll identify weaknesses before hackers do.

Beat them to the punch.

With an access rights assessment, you can remediate weaknesses before hackers get a foothold. The same early-bird approach goes for tax season, too. File your taxes early before hackers can do it for you. It’s about being first to take action. And if there has been a breach, you can swiftly stop the damage by shutting down your system or freezing your credit file.

Stay on top of it.

Keep your guard up long after you’ve filed your taxes. Hackers are always angling in new ways to infiltrate networks, so stay alert. Your cybersecurity company can continuously monitor your system to ensure that security remains a top priority. You can also follow up on your tax filing by regularly monitoring your credit. Requesting a quarterly copy of your credit report helps you keep tabs on and dispute any unauthorized activity.

While we may not be able to do anything about the grumbling that comes with tax season, we can help to make it a secure season for businesses and individuals. Keep these three cyber tips in mind – not only when filing taxes but all year long.

Umesh Verma, CEO, Blue LanceUmesh Verma is the award-winning CEO and driving force behind Blue Lance, the global provider of cybersecurity governance solutions. For more than 25 years, Blue Lance’s automated software solutions have been protecting digitally managed corporate assets by assessing, remediating, and monitoring security of information systems. Call Blue Lance at 1-800-856-2586 for your 25-point Access Rights Assessment, or get social with us on LinkedInFacebook, or Twitter.


1] David Baker, “Hacker impersonates Sunrun CEO, nabs employee W-2 tax forms,” SFGATE,, accessed March 21, 2017.

[2] Matt Hunter, “Tax Refund Fraud Soaring, Little IRS Can Do,” NBC News,, accessed Marc 21, 2017.