As we recently reported, on October 20, the IRS announced the implementation of new measures developed in collaboration with state taxing authorities and tax industry leaders to prevent identity theft in refund fraud. On November 19, the IRS announced the latest step in this collaborative effort that began in March.
The “Taxes. Security. Together.” campaign is designed to raise public awareness that even routine actions on the internet and personal devices can affect the safety of individuals’ financial and tax data. Because the majority of tax returns are prepared on laptops, desktops, or smartphones, and because many will receive new devices during the holiday season, the campaign is designed to ensure that the public prepares taxes on secure devices. “The IRS, the states, and the tax industry are putting in place even tougher safeguards for 2016,” said IRS Commissioner John Koskinen. “But, we need the public’s help. We need people to join with us and take an active role in protecting their personal and financial data from thieves.”
As part of the campaign, the IRS will release weekly tax tips on Mondays continuing through the start of tax season in January. The tips focus on steps people can take to secure their personal devices, avoid phishing scams, and protect personal information.
On November 23, the IRS released the first Tax Tip, which outlined seven ways people can protect their computers:
- Understand and use security software, including essential tools such as a firewall, virus/malware protection, file encryption, anti-spam software, and pop-up blockers.
- Allow security software to update automatically to combat ever-evolving malware.
- When shopping or banking online, ensure that websites use encryption to protect your personal information by only using “https” websites, rather than “http.”
- Use strong passwords with at least 10 to 12 characters and a mix of letters, numbers, and special characters, and avoid using names, birthdays, or other common words.
- Secure your wireless network to prevent other computers from accessing and stealing information from your computer.
- Be cautious when using unsecured public wireless networks as sensitive information sent through websites or mobile apps while on unsecured public networks may be accessed by others.
- Avoid phishing attempts, and never reply to emails, texts, or pop-up messages asking for your personal information.
On November 30, the IRS released the second Tax Tip, which focused on ways to identify and avoid phishing and malware. In phishing scams, criminals pose as a trusted person or organization, such as a friend, a bank, a credit card company, or the IRS, and make phone calls or send emails designed to trick people into sharing personal or financial information. Through emails and websites, criminals can also infect computers with malware, which gives them access to personal devices, thereby enabling them to access sensitive files or track keyboard strokes to gain login information. Thieves can then use the personal and financial information gained through these means to file fraudulent tax returns.
The IRS emphasized that no legitimate organization will ever ask for sensitive information through unsecured methods like email, and the IRS never sends unsolicited emails or makes calls threatening jail or lawsuits unless immediate payment is made.
The Tax Tip outlined six steps people can take to protect themselves from these schemes:
- Avoid suspicious emails that appear to be from the IRS or other companies, and do not click any links in emails you do not recognize.
- Beware of phishing scams that ask you to update or verify your accounts.
- Do not open attachments in emails you do not recognize.
- Download and install software only from websites you know and trust.
- Use security software to block pop-up ads, which can contain viruses.
- Ensure that other family members who use personal devices practice safe online and computer habits.
Additional federal resources: