Tax Season Security Tips
March 13, 2024
Source: Online Safety + Privacy Basics, National Cybersecurity Alliance, July 2023
An uptick in cybercrime adds to tax time stress, but you can protect yourself and your identity.
Tax season can be a frantic time for many Americans, and the increase in tax-related scams doesn’t make the first few months of each year any calmer. In 2023, identity theft detection systems used by the Internal Revenue Service flagged over 1.1 million tax returns as potentially fraudulent with accumulative refunds totaling over $6 billion. Cybercriminals love to catfish as the IRS, but by adopting some security behaviors, you can stay safe while filing your taxes.
CYBER SMART TAX TRICKS
There are a few best practices you can follow that will drastically improve your security during tax season:
File Early
We recommend filing your taxes as early as you can. Generally, the IRS requires employers to send out Form W-2, as well as documents like Form 1099-MISC for independent contractors, by January 31 of each year. The sooner you file, the less time cybercriminals have to file a fake return and try to nab your refund. It is a classic case of an ounce of prevention being worth a pound of cure – it’s much harder to get back all your return after having your identity stolen than it is to file early. While having your refund routed illegally to a scammer’s bank account isn’t common, getting done with your taxes ASAP reduces the chances of this type of disaster even more.
Use an IP Pin
You can get a special Identity Protection PIN (IP PIN) from the IRS to secure your online tax information. An IP PIN is a six-digit number that prevents someone else from filing a tax return using your Social Security number. If you’ve been alerted that your Social Security number was part of a data breach, you should apply for an IP PIN. The IP PIN is known only to you and the IRS and helps verify your identity when you file your electronic or paper tax return. Protect your IP PIN as you would other sensitive information.
Enable MFA
Use multi-factor authentication (MFA) wherever possible, including any account related to your taxes. MFA fortifies online accounts by creating an extra layer of security, such as a unique one-time code sent to your phone or to a standalone app. Even if hackers get ahold of your password, MFA keeps your accounts locked down. Be aware of “MFA fatigue,” too. Of course, if you get an MFA notification that you are trying to log into an important account (like your tax preparer’s platform) and didn’t make the request, don’t grant access.
Watch out for scammers
Cybercriminals love wearing their IRS costume during tax season, and you might receive phishing messages that push you to take urgent action before you can think. The IRS will not email, text, or DM you. Criminals impersonating federal employees can be very convincing by using fake names, presenting fake credentials, or spoofing telephone numbers. If you are unsure if the caller is legitimate, hang up, look up the direct number for the agency online, and call that agency to verify. Additionally, a real IRS employee won’t demand immediate payment to a source other than the U.S. Treasury.
HOW WILL THE IRS COMMUNICATE WITH YOU?
The biggest red flag that you are being targeted for an IRS scam is that you get a phone call or message from a supposed IRS representative without receiving any mail from the agency. Contact from the IRS is initiated via the United States Postal Service. The IRS might call after it has sent you physical mail first, especially if you haven’t responded to multiple letters. An IRS agent might also visit you in person, but only after sending several notices in the mail. The IRS won’t try to get ahold of you through text, email, and social media messages.
OTHER IRS SCAM RED FLAGS
Requests for data: Be extremely suspicious of any communications that ask you to provide personal information such as bank account information, Social Security numbers, login credentials, or mailing addresses. Cybercriminals will often impersonate the IRS in phishing campaigns.
Urgency: Scammers use an abnormal sense of urgency and other scare tactics to obtain information. Their goal is to make you panic and stop thinking clearly.
Attachments: Watch out for any message that includes an attachment, such as a PDF. Never open attachments from a suspicious or unknown email address. It may download malware or viruses onto your device.
Impersonating tax preparers: Along with the IRS, scammers imitate popular tax programs like TurboTax and H&R Block. These companies will never contact you through phone, email, or text asking for your login information. They also won’t ask you to give them an MFA code you didn’t request.
HOW TO VET YOUR TAX PREPARER
Working with a professional tax preparer or accountant is the recommended way to avoid audits and ensure you get the maximum refund. However, because this person or business will access some of your most sensitive information, you must ensure they follow cybersecurity best practices.
Do your Research
Vet your tax preparer before hiring them. Ask what steps they take to protect your information. Businesses of all sizes are susceptible to cybercrime, so you want a preparer who takes security seriously. Here are some specific questions you can ask:
- How will we exchange files and sensitive information?
- Who at your firm will have access to my data?
- Are our communications end-to-end encrypted?
- What types of network security have you implemented?
- How do you back up client data?
Securely send documents
When it comes to data privacy, sometimes it is best to take it offline – one of the most secure ways to transfer your most sensitive documents is physically, either delivering them in person or through the mail. When communicating with your tax preparer digitally, use encrypted email services or a special encrypted portal. Encryption protects the email contents from being read by entities other than the intended recipients. Request an encrypted portal for uploading your documents because it restricts access to these files.
Back it up
Like any important documents or files, you should back up everything related to your taxes. Make electronic copies, such as scans or photos, of your tax documents. Back up all your files on the cloud, an external hard drive, or both. Keeping physical copies of your tax records is a good idea, too. In most cases, the IRS recommends keeping records for 3 years from the date you filed or 2 years from when you paid the taxes, but check the IRS website to see their guidelines for your situation.
REPORT SCAMS
If you think you are the target of a tax scam, report it immediately: