Pharming, phishing and data leaks haven't slowed electronic tax filing.

In the latest reported incident, HSBC warned 180,000 U.S. credit-card holders that their personal information may have been exposed.

Consumers may be more aware of the danger of online scams, but the speed and convenience of online tax preparation and e-filing are stronger motivators than concerns about security.


Studies show that more taxpayers will file their returns online this year, but they also show there is a slightly elevated concern about security. According to the IRS, taxpayers had e-filed 55.8 million returns as of April 8, up 8 percent from last year. The agency expects more than half of all 2004 returns to be filed electronically.

And the Consumer Internet Barometer, a quarterly survey produced by The Conference Board, found that more than a third of online households intend to file their 2004 federal taxes online, up from 28 percent a year ago. One in 10 consumers will be filing online for the first time.

The top reason cited for not filing electronically wasn't security fears, but rather that a professional tax preparer would do the filing. Fear of sending personal information over the Internet was the second most likely reason for not filing online, but fewer voiced this concern this year compared with last year.

"There's more concern, but it's less of a deterrent," said Lynn Franco, director of The Conference Board's Consumer Research Center. "The expansion of the government Free File program, plus the rapid rate at which one is refunded, outweigh the concerns."

Trust in The E-Way

Consumers have definitely heard the news about pharming and phishing, scams that divert Web users to bogus sites that steal passwords and personal information. Around 80 percent of respondents in the Barometer survey were extremely or somewhat concerned about security when banking online; but filing taxes was seen as safer than banking, bill paying or buying stocks and bonds online.

Trust is increasing as consumers have positive experiences with e-commerce, Franco said, adding that merchants, financial institutions and employers' IT departments have gotten the word out about phishing. "We've become more aware of the dos and don'ts of opening e-mails."

Growth in E-Filing
Households filing 2004 taxes online 34%
Households that filed 2003 taxes online 28%
Concerned about online-banking security 60%
Concerned about e-filing security 50%
Source: Consumer Internet Barometer

The e-file trend mirrors what the Pew Internet & American Life Project found in a survey conducted in January and February 2005 about spam. According to the survey, 28 percent of personal e-mail users were getting more spam than a year ago. Yet fewer of them minded.

Twenty-two percent said spam had reduced their e-mail use, down from 29 percent the previous year; and 53 percent said spam made them less trusting of e-mail, down from 62 percent a year ago.

Do-it-yourself tax prep software is another driver, since these products, whether boxed or Web-based, make it easy to file online without leaving the application. According to Compete, Intuit's TurboTax had 11.6 million visitors in February 2005; H&R Block received 7 million and Tax Act had 6 million.

"Customers tell us that security continues to be a concern, but it becomes subsumed to the fact that they need to get their taxes done," said Intuit spokeswoman Julie Miller. "If they're getting a refund, the benefits of e-filing and getting a refund in about a week far outweigh concerns about security." She said the average refund is around $2,400.

Miller said Intuit gives plenty of information to consumers using TurboTax to explain why the transmission is secure. There's a new statement on the corporate Web site alerting customers about phishing and assuring them the company will never ask for passwords or Social Security numbers. But she credited the IRS with leading the education push.

"They've put some muscle behind promoting e-filing, talking about security and privacy," she said.

A False Sense of E-Security?

If consumers aren't worried about tax filing-related phishing or pharming schemes, should they be? Can they expect a spate of e-mails urging them to confirm their electronic return or directing them to a look-alike tax prep site?

Not this year.

Dan Hubbard, senior director of security for Websense Security Labs, said his company hasn't seen any such attacks. Websense is a provider of Web filtering software and a member of the Anti-Phishing Working Group.

"Probably one of the reasons is that in most cases, there isn't any credit information as part of a tax return," Hubbard said, although phishers could prompt consumers to re-enter their credit cards as payment for electronic filing.

Hubbard said it's a lot harder to make money off Social Security numbers. "The goal of most phishers is to monetize or trade that information for stuff of significant value, in most cases, money or tools," he said.

But Rami Habal, senior product manager for Proofpoint, a messaging security firm that also tracks network attacks, thinks tax-related pharming attacks are just a matter of time. He said most holidays now breed a slew of related scams. This year, he saw one tax-related spam e-mail that contained a virus, which could set the stage for a pharming attack.

Habal said most viruses today are designed to deliver a payload of such nasties as key loggers, back doors allowing for further evildoing, or tools to rewrite the computer's host file and redirect the browser from legitimate sites to phony log-in pages.

"I expect this to happen next tax season," he said. "The pharming trend is only just beginning."

In March, both Proofpoint and the Anti-Phishing Working Group issued alerts about the rise of this more sophisticated con.

Electronic tax return filing relieves consumers of the last-minute dash to the main post office to get that April 15 postmark on their returns. Let's hope they use that time they save to update their virus software.