WASHINGTON — On Cyber Monday, the Internal Revenue Service and the Security Summit partners kicked-off the 7th National Tax Security Awareness Week with information for taxpayers and tax professionals on how to avoid scams and protect sensitive personal information.
With the holiday season now in full swing, the period presents a prime opportunity for identity thieves to try stealing personal financial information, which also could be used to potentially file fraudulent tax returns. People can face risks if they’re shopping online and using publicly accessible Wi-Fi. And the Summit reminds people that fictitious text scams with “smishing” schemes continue during this period.
“With holiday shopping starting and the 2023 tax season quickly approaching, many people will be using laptops and personal devices to share sensitive financial information,” said IRS Acting Commissioner Doug O’Donnell. “In the months ahead, these same devices will be used to complete millions of tax returns by both taxpayers and tax professionals, making the holiday season the perfect time to take steps to protect your valuable information and watch out for scams.”
Formed in 2015, the Security Summit partnership between the IRS, state tax administrators and the tax software and tax professional community have worked together to improve defenses and protect people from tax-related identity theft. As part of that effort, the Summit partners worked to raise taxpayer and tax professional awareness about security issues – not only protecting people from the risk of identity theft but helping protect the nation’s tax system from refund-related fraud.
The Summit partners urged people to take extra care while shopping online or viewing emails and texts, especially during the holiday season when criminals are very active. The Security Summit reminds everyone to stay safe while holiday shopping with the following considerations:
- Shop at sites where the web address begins with “https” – the “s” is for secure communications and look for the “padlock” icon in the browser window.
- Don’t shop on unsecured public Wi-Fi in places like a mall.
- Keep security software for computers, tablets and mobile phones updated.
- Protect the devices of family members, including young children, older adults as well as less technologically savvy users.
- Make sure anti-virus software for computers has a feature to stop malware, and that there is a firewall enabled that can prevent intrusions.
- Use strong and unique passwords for online accounts.
- Use multi-factor authentication whenever possible. It helps prevent thieves from easily hacking accounts.
The IRS also reminds people about advice from the Federal Trade Commission to never buy anything from online sellers that accept payment only by gift cards, money transfers through companies like Western Union or MoneyGram or cryptocurrency. Payments you make that way are nearly impossible to trace and reverse. Scammers often tell people to use those payment methods so they can get money quickly.
Additionally, the IRS warned taxpayers of a recent increase in IRS-themed texting scams aimed at stealing personal and financial information. During 2022, the IRS identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams (known as smishing) targeting taxpayers.
Smishing campaigns target mobile phone users, and the scam messages often look like they’re coming from the IRS, offering lures like fake COVID relief, tax credits or help setting up an IRS online account. Recipients of these IRS-related scams can report them to firstname.lastname@example.org.
Stolen data can be used to file fraudulent tax returns that make it more difficult for the IRS and the states to detect because the fraudulent returns use real financial information. Other data thieves sell the basic tax preparer or taxpayer information on the web so other fraudsters can try filing fraudulent tax returns.
Given the rise of texting scams, taxpayers can check out security recommendations for their specific mobile phone by reviewing the Federal Communications Commission’s Smartphone Security Checker. Since phones are used for shopping and even for doing taxes, remember to make sure phones and tablets are just as secure as computers.
Additional tips for tax professionals, business and people working from home
Earlier this year the Protect Your Clients; Protect Yourself campaign encouraged tax professionals to focus on fundamentals and to watch out for emerging vulnerabilities being seen for those practitioners using cloud-based services for their practice. Scammers either trick or hack their way into tax professionals’ computer systems to access client data. Even when tax pros think they have client data stored in a secure cloud, lack of strong authentication can make this information vulnerable.
Additional considerations for businesses and those working from home include:
- Use separate personal and business computers, mobile devices and email accounts.
- Do not send sensitive business information to personal email devices.
- Do not conduct business, including online business banking, on a personal computer or device.
- Do not engage in web surfing, gaming or video downloading on business computers or devices.
- Do not share USB drives or external hard drives between personal and business computers or devices.
- Never connect an unknown/untrusted piece of hardware into the system or network.
- Change passwords often. Every three months is recommended. Consider using a password management application to store passwords. Passwords to devices and applications that contain business information should not be reused.
This is the first in a series of press releases highlighting the Summit partner’s National Tax Security Awareness Week from Nov. 28 through Dec. 2, which will feature a week-long series of educational materials to help protect individuals, businesses and tax professionals from identity theft. The effort includes a Nov. 29 webinar titled Deeper Dive Into Emerging Cyber Crimes and Crypto Tax Compliance, special informational graphics and a social media effort on Twitter, Facebook and YouTube. Follow @IRSTaxSecurity, @IRSnews and #TaxSecurity on Twitter for the latest information.
Additional resources for tax professionals
In addition to reviewing IRS Publication 4557, Safeguarding Taxpayer Data, tax professionals can also get help with security recommendations by reviewing Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology. The IRS Identity Theft Central pages for tax pros, individuals and businesses have important details as well.
Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov.