But the most sophisticated criminals expect even more, and sellers of stolen data are adjusting accordingly. "They might sell a package of credit cards from employees of one specific company, to be used in industrial espionage," Perry said.
Building these data sets takes time, and because victims do not always lose money at the moment their security is compromised, the threats are all the more insidious. Perry said that there can be some time between the security breach (say, in February), the theft of data (at tax time in March or April), and the loss of money (perhaps in the summer). It's a mistake to feel safe just because nothing bad has happened. "Right now, people may have a key logger on their system and not know it," he said.
Data theft is not the only tax time scam. Perry warned that some online tax preparers will take a fee to prepare taxes and then steal the refund and then sell their victims' personal information on the Internet. He said that it may seem particularly cruel to steal the refund, but that it does happen.
Of course, security experts are eager to talk about these threats because they are eager to sell solutions. Companies are slashing IT budgets, but they are still spending money on security.
Tal Golan, founder, president and CTO of Sendio, said that enterprise users have to protect their domain names. He claimed that companies using his anti-spam solution don't get e-mail tax scams. Sendio's E-mail Security Platform (ESP) uses challenge-response and more traditional technologies and it works with technology partners such as Kaspersky and Commtouch.
It also takes advantage of Sender Policy Framework (SPF) (define) and Domain Keys Identified Mail (DKIM) (define), which are technologies designed to prevent the spoofing of domains and e-mail addresses.
Golan strongly recommended that anyone who is responsible for managing a domain fully implement DKIM and SPF. "Even if you don't want to buy Sendio technology, please take responsibility for your domain," he said.
TrendMicro recommends that at a minimum, concerned Internet users take advantage of its free products, including TrendMicro HouseCall, but says that everyone should have a full Internet security suite in place.
Trend Micro advised online users to exercise caution. The company recommended that people encrypt data where possible, scan their PC for malware before using it to file a tax return, and be especially cautious of tax-related e-mails and Web sites at this time.
This article was first published on InternetNews.com.