On November 18, 2019, the IRS, State Tax Agencies and the Tax Industry announced the 4th Annual National Tax Security Awareness Week, taking place between December 2 and December 6 to urge individual taxpayers, businesses and tax professionals to enhance their online security ahead of the 2020 tax filing season.
Quoting from the IRS News Release:
Security Summit partners consisting of 42 state agencies, 20 industry officials, and the Internal Revenue Service once again urge taxpayers, businesses and tax professionals to enhance their online security during the 4th Annual National Tax Security Awareness Week (Dec. 2-6), as the holiday shopping season kicks off and identity thieves step up their efforts to steal personal and financial data.
"While people are shopping online, identity thieves are trying to shoplift their sensitive information. As the holiday season and tax season approach, everyone should remember to take basic steps to protect themselves," said Chuck Rettig, IRS Commissioner. "The Security Summit has made progress in fighting back against tax-related identity theft, but we need people to watch out for common scams that can put their financial and tax data at risk."
Tax Security Awareness Week will feature a week-long series of educational materials to help protect taxpayers and tax pros against identity theft. The effort will include a special social media effort on Twitter and Instagram with @IRSnews and #TaxSecurity, including a Twitter chat on December 5. Summit partners plan a series of more than 25 events across the country in conjunction with Tax Security Awareness Week.
Also new is a special partner toolkit that features ready-to-use communication products that organizations and stakeholders can use to help raise awareness among clients, customers and employees. The toolkit offers information to share, including drop-in articles and email content for sharing and social media posts. It can be used both during the awareness week and during the 2020 filing season.
As part of the effort, the IRS and Summit partners created new YouTube videos on security steps for taxpayers. The videos can be viewed or downloaded at Easy Steps to Protect Your Computer and Phone and Avoid Phishing Emails.
The IRS also updated Publication 4524, Security Awareness for Taxpayers (PDF), which businesses can share with their employees and customers while tax professionals can share with clients.
December's National Tax Security Awareness Week features five days of basic security guidance for those most at-risk: individual taxpayers, business taxpayers and tax professionals. Highlights include:
Day 1: Protect personal and financial information online
The IRS and Security Summit remind people to take these basic steps:
- Use security software for computers and mobile phones – and keep it updated.
- Protect personal information; don't hand it out to just anyone.
- Use strong and unique passwords for all accounts.
- Use two-factor authentication whenever possible.
- Shop only secure websites; Look for the "https" in web addresses; avoid shopping on unsecured and public wi-fi in places like shopping malls.
- Routinely back up files on computers and mobile phones.
Day 2: Learn to recognize phishing emails and phone scams
Know that email scams often:
- Pose as companies people know and trust, and
- Tell an urgent story to trick victims into opening link or attachment.
Watch out for scam phone calls, too. Remember:
- The IRS does not call demanding payment with threats of jail or lawsuit.
- The IRS does not demand payment via gift or debit cards. The IRS does not accept tax payments by iTunes cards.
- The IRS does not send unsolicited emails about refunds or payments, requesting either login credentials, Social Security numbers or other sensitive information.
Day 3 – Create strong passwords to protect online accounts
The password standards have changed. Here are some simple guidelines:
- Use long phrases combined with characters and numbers. For example: SomethingOneCanRemember@30.
- Use a different password for each account; don't use an email address if that's an option and use a password manager.
- Use two-factor authentication whenever it's offered, for example on email accounts, financial accounts and social media accounts.
Day 4 – Recognize clues of identity theft
A business taxpayer may be an identity theft victim if:
- An e-filed return is rejected because a duplicate is already on file with the IRS.
- Routine extensions to file requests are rejected.
- An unexpected receipt of a tax transcript or an IRS notice is received.
- Failure to receive expected and routine correspondence from the IRS, which can be an indicator an identity thief has changed the address.
Day 5 – Tax professionals should review their safeguards
The IRS and the Summit partners urge tax pros to review the Taxes-Security-Together Checklist, including:
- Deploy basic security measures.
- Create a written data security plan as required by law.
- Know about phishing and phone scams.
- Recognize the signs of client data theft.
- Create a data theft recovery plan.