You are here

TaxSlayer: File this one under authentication

Share this page

Have you ever filed your taxes using an online tax prep account? If so, you’ll want to know about the FTC’s recent settlement with TaxSlayer, LLC.

What happened? From October until December 2015, hackers used user names and passwords stolen from other websites to try to log in to TaxSlayer Online. Because consumers sometimes reuse passwords, hackers were able to gain full access to more than 8,800 TaxSlayer Online accounts. Thieves could have filed fraudulent tax returns, changed bank routing numbers, and sent tax refunds to themselves.

How could this happen? According to the FTC, TaxSlayer didn’t require users to have strong passwords, didn’t have a written information security program, and wasn’t doing risk assessments to identify threats to customer information. The FTC’s settlement requires TaxSlayer to have a written security program and safeguards to protect customer information.

Still worried about keeping your tax information safe? Here are some steps you can take to reduce the likelihood of tax identity theft:

  • Use a strong password or passphrase for logging in to any online tax filing program. It should have at least 10 characters. Longer, unique, and memorable passwords or passphrases (which are a sequence of words) are better than short passwords. Don’t reuse a password you’ve used for another account.
  • Choose multi-factor authentication. If you use a tax prep software, choose one that requires multi-factor authentication – like a call or text that give you a PIN to use, in addition to your login and password. In this case, it was only after TaxSlayer Online started requiring multi-factor authentication that the hackers could no longer get into accounts.
  • Don’t use public Wi-Fi when working on your taxes. It’s easy for hackers to get access to your personal information through public Wi-Fi.

If you’re a victim of tax identity theft, then go to IdentityTheft.gov to report it to the FTC. You’ll get a personal recovery plan that walks you through the steps to fix problems caused by identity theft.

Comments

Please contact w info about my case

I have begun to use short phrases instead of numbers. They are easier to remember and harder to discover.

I'm just responding to the email. Am I one of the ones who could be getting a partial refund back from my online account being frauded, and scammer calls?

I was tould i would be payed by a man name john who owed me for working in my gmael for him doing bata checks and data checks he stated he could not pay me do to his mony was tied up in his bissnes that he had me sing in my drive an send back forms i signd.to recive the biness or coparation that was stould from me by sec.cuss thay are controling bond an deeds that were given to me and now i was tould he died. John smith but rilly john tepalton and why did sec still from my phone bonds pattens spreed sheets notes an stocks from my phone????

You can make a complaint to the SEC online. Use this link to the complaint form.

What's a good example of a password for my account.it keep saying does not meet criteria

Each website can set its own criteria for your password. Read the criteria carefully. Does it require you to use upper-case letters? Does it require you to use numbers? You must create a password that agrees with the criteria.

Leave a Comment