Kicking off a special week, the Internal Revenue Service and the Security Summit partners today warned taxpayers and tax professionals to beware of a dangerous combination of events that can increase their exposure to tax scams or identity theft.
The combination of the holiday shopping season, the upcoming tax season, and the pandemic create additional opportunities for criminals to steal sensitive personal or financial information. People should take extra care while shopping online or viewing emails and texts.
The IRS, state tax agencies, and the nation’s tax industry – working together as the Security Summit – mark today’s start of the 6th annual National Tax Security Awareness Week with tips on basic safeguards everyone should take. These can help protect against identity theft as well as help safeguard sensitive tax information that criminals can use to try filing fake tax returns and obtaining refunds.
“Don’t let this be the most wonderful time of the year for identity thieves,” said IRS Commissioner Chuck Rettig. “The approach of the holidays and tax season increases the risk for taxpayers and opportunities for criminals. We urge people to be extra careful with their personal and financial information during this period while shopping online or getting suspicious emails or texts. Taking a few simple steps can keep people from becoming victims of identity theft and protect their sensitive personal information needed for tax returns and refunds.”
Since 2015, the IRS and Security Summit partners have taken important steps to protect taxpayers and the nation’s tax professionals from tax-related identity theft. But progress in this area led identity thieves to evolve their tactics, trying to obtain sensitive information from taxpayers and tax professionals to help prepare fraudulent tax returns. Taxpayers can help in this fight by protecting their financial and tax information. Summit partners continue to highlight safety steps in the “Taxes.Security.Together” effort.
As part of that effort, National Tax Security Awareness Week is designed to help share information with taxpayers and tax professionals during this critical period. The special week includes special informational graphics and social media efforts on platforms including Twitter and Instagram through @IRSnews and #TaxSecurity.
A special emphasis for this year on social media will be focusing tax security awareness on younger and older Americans. Even if someone doesn’t file a tax return, their online interactions can lead to scam artists obtaining sensitive information and using it to try obtaining a refund.
Highlights of this year’s National Tax Security Awareness Week include:
Nov.29: Day 1 – Cyber Monday: Protect personal and financial information online
The IRS and the Security Summit partners remind people to take these basic steps:
- Use security software for computers and mobile phones – and keep it updated.
- Avoid phishing scams, especially related to tax refunds and COVID-19, Economic Impact Payments and other tax law changes.
- Use strong and unique passwords for all accounts.
- Use multi-factor authentication whenever possible.
- Shop only secure websites; look for the “https” in web addresses and the padlock icon; avoid shopping on unsecured and public Wi-Fi in places like coffee shops, malls or restaurants.
Nov.30: Day 2 – Giving Tuesday: Beware of scammers using fake charities
The IRS and the Security Summit partners warn people to avoid getting scammed when donating to charities. The agency provides the following tips:
- Individuals should never let any caller pressure them into giving a donation without allowing time for them to do some research.
- Confirm the charity is real by asking for its exact name, website and mailing address and confirming it later.
- Be careful about how a donation is made. After researching the charity, pay by credit card or check and not by gift card or wiring money.
Dec.1: Day 3 – Get an Identity Protection PIN
Taxpayers who can verify their identities online may opt into the IRS IP PIN program – a major expansion of the program from previous years. This is another tool taxpayers can use to protect themselves – and their tax refund. Here’s what taxpayers need to know:
- The Identity Protection PIN or IP PIN is a six-digit code known only to the individual and the IRS. It provides another layer of protection for taxpayers’ Social Security numbers on tax returns.
- Use the Get an Identity Protection PIN (IP PIN) tool at IRS.gov/IPPIN to immediately get an IP PIN.
- Never share the IP PIN with anyone but a trusted tax provider.
Dec.2: Day 4 – Tax professionals should review their security protocols
As identity thieves continue targeting tax professionals, the IRS and the Summit partners urge practitioners to review the “Taxes-Security-Together” Checklist, including:
- Deploy basic security measures.
- Use multi-factor authentication to protect tax software accounts.
- Create a Virtual Private Network if working remotely.
- Create a written data security plan as required by federal law.
- Know about phishing and phone scams, especially related to Electronic Filing Identification Numbers (EFINs), COVID-19 related tax-law changes including Economic Impact Payments.
- Create data security and data theft recovery plans.
Dec.3: Day 5 – Use digital signatures to submit IRS forms and check account details on a secure portal
The IRS began accepting digital signatures on a variety of forms this past year. Additionally, the agency made improvements to its online accounts platform to help both tax pros and individuals.
- Tax pros may go to the new Tax Pro Account on IRS.gov to digitally initiate Power of Attorney and Tax Information Authorization requests.
- Taxpayers have digital control over who can represent them or see their account information on the Online Account portal.
- The IRS now accepts a wide array of digital signatures on a number of forms that cannot be electronically filed.
Dec.3: Day 5 – Businesses should implement safeguards; watch out for tax-related scams
Most cyberattacks are aimed at small businesses with fewer than 100 employees. Here are some details from this segment:
- Learn about best security practices for small businesses.
- IRS continues protective masking of sensitive information on business transcripts.
- A Business Identity Theft Affidavit – Form 14039-B – is available for all businesses to report theft to the IRS.
- Beware of various scams, especially the W-2 scam that attempts to steal employee income information.
- Check out the “Business” section on IRS’s Identity Theft Central at IRS.gov/identify theft.
10 key steps to protect sensitive information:
To help taxpayers and tax professionals, the Security Summit offers 10 basic steps everyone should remember during the holidays and as the 2022 tax season approaches:
- Don’t forget to use security software for computers, tablets and mobile phones – and keep it updated. Protect electronic devices of family members, especially teens and young children.
- Make sure anti-virus software for computers has a feature to stop malware, and there is a firewall enabled that can prevent intrusions.
- Phishing scams – like imposter emails, calls and texts — are the No. 1 way thieves steal personal data. Don’t open links or attachments on suspicious emails. This year, fraud scams related to COVID-19, Economic Impact Payments and other tax law changes are common.
- Use strong and unique passwords for online accounts. Use a phrase or series of words that can be easily remembered or use a password manager.
- Use multi-factor authentication whenever possible. Many email providers and social media sites offer this feature. It helps prevent thieves from easily hacking accounts.
- Shop at sites where the web address begins with “https” – the “s” is for secure communications over the computer network. Also, look for the “padlock” icon in the browser window.
- Don’t shop on unsecured public Wi-Fi in places like a mall. Remember, thieves can eavesdrop.
- At home, secure home Wi-Fis with a password. With more homes connected to the web, secured systems become more important, from wireless printers, wireless door locks to wireless thermometers. These can be access points for identity thieves.
- Back up files on computers and mobile phones. A cloud service or an external hard drive can be used to copy information from computers or phones – providing an important place to recover financial or tax data.
- Working from home? Consider creating a virtual private network (VPN) to securely connect to your workplace.
Other common warning signs; additional places for information
The IRS and Summit partners continue to see identity thieves trying to look like government agencies and others in the tax community by emailing or texting about tax refunds, stimulus payments, or other items. Remember, the IRS will not call or send unexpected texts or emails about things like refunds. More information about these common scams is available at IRS Tax Tip: Common tax scams and tips to help taxpayers avoid them.
The IRS and Security Summit partners are sharing YouTube videos on security steps for taxpayers. The videos can be viewed or downloaded at Easy Steps to Protect Your Computer and Phone and Here’s How to Avoid IRS Text Message Scams.
Employers also can share Publication 4524, Security Awareness for Taxpayers (.pdf), with their employees and customers while tax professionals can share with clients.
In addition, the Summit partners remind people these security measures include mobile phones – an area that people sometimes can overlook. Thieves have become more adept at compromising mobile phones. Phone users also are more prone to open a scam email from their phone than from their computer.
Taxpayers can check out security recommendations for their specific mobile phone by reviewing the Federal Communications Commission’s Smartphone Security Checker. Since phones are used for shopping and even for doing taxes, remember to make sure phones and tablets are just as secure as computers.
During the pandemic, there continue to be numerous scams related to COVID-19. These can be attempts to gain sensitive personal or financial information. The Federal Trade Commission also has issued alerts; consumers can keep atop the latest scam information and report COVID-related scams.
The IRS, state tax agencies, the private-sector tax industry, including tax professionals, work in partnership with the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the first in a week-long series of tips to raise awareness about identity theft.
