The Security Summit will remind taxpayers to approach Cyber Monday holiday shopping with caution because scammers are also shopping – for their next victim’s personal information. Beware of common email scams including phishing and smishing, spear phishing, clone phishing and whaling. Other common scams include fake delivery notifications, a particularly active scam during the busy holiday season, as well as unexpected messages promising people a tax refund.

Especially during the holiday season, some basic safety steps include:

  • Shop at sites with web addresses that begin with the letters “https:” – the “s” stands for secure communications; also look for a padlock icon in the browser window.
  • Don’t shop on unsecured public Wi-Fi in places like a mall or restaurant.
  • Ensure security software is updated on computers, tablets and mobile phones, includes a feature to stop malware, and that there is a firewall enabled to prevent intrusions.
  • Protect the devices of family members, including young children, older adults and other less technologically savvy users.
  • Use strong, unique passwords for online accounts.
  • Use multi-factor authentication whenever possible.

Tuesday: Don’t fall for schemes, misinformation on social media

The IRS and Summit partners continue to see a variety of filing season hashtags and social media topics misleading taxpayers with inaccurate and potentially fraudulent information. Many of these share a common theme of people trying to use legitimate tax forms for the wrong reason.

 

The IRS has seen a spike this year in the following scams:

  • Self Employment Tax Credit, which in reality doesn’t exist.
  • Household employment taxes, which taxpayers are coaxed into claiming by inventing fake household employees.
  • Fuel Tax Credit, for which many claimants aren’t eligible as it’s meant for off-highway business and farming use. The vast majority of individual taxpayers do not qualify for the Fuel Tax Credit. It is only for businesses that use certain types of fuel (not for the gas people put in their car).
  • Inflated Income and Withholding, which encourages people to use tax software to manually fill out Form W-2, Wage and Tax Statement, and include false income information.
  • Claim of Right, in which taxpayers are advised to file tax returns and attempt to take a deduction equal to the entire amount of their wages.

 

Wednesday: Get an IP PIN and IRS Online Account

The IRS will remind taxpayers to add an extra layer of protection between their tax returns and identity thieves by joining the Identity Protection Personal Identification Number (IP PIN) program at the start of the 2025 tax season. They can do so after creating an IRS Online Account, a critical online tool that allows taxpayers to securely access their tax and return information from prior years.

 

  • An IP PIN is a unique six-digit number used to verify a taxpayer’s identity when filing a return.
  • More than 10.4 million taxpayers already have their IP PIN.
  • To get one, a taxpayer must create or sign onto their IRS online account and set a reminder to sign-in in early January, when the IP PIN program reopens for registration following a brief shutdown for maintenance.
  • IP PINS are only valid for a year; participating taxpayers must acquire a new PIN annually.
  • Never share an IP PIN with anyone but a trusted tax advisor.

 

Thursday: Update digital security to protect businesses and customers

The Security Summit partners will offer taxpayers ways to guard against identity thieves looking to pilfer personal information like names, passwords and account numbers. The fraudsters are relentless in sending emails, texts and direct messages made to look like they come from a legitimate source, like the IRS, state tax agencies, a bank or a trusted tax professional. Taxpayers need to watch for such solicitations and the dangerous links, attachments and contact information they contain. Never click, call or reply on these without first independently verifying the source.

 

Steps that can protect taxpayers, businesses and tax professionals include:

  • Automatically update security software.
  • Back up important files.
  • Require strong passwords and pair them with multi-factor authentication (MFA).
  • Encrypt all devices.

 

Friday: Tax pros need to maintain heightened awareness

Identity thieves on the hunt for taxpayer data aren’t just targeting taxpayers, they’re also going after tax professionals who receive and hold large amounts of sensitive taxpayer data. This makes the tax pros a tempting target for identity thieves.

To help guard against loss, the IRS and Security Summit partners this year released an updated Written Information Security Plan (WISP). Tax pros can use these as a roadmap to protect their practice. Under federal law, tax pros are required to have a WISP on hand, and this tool offers an easy template that can be scaled to any size tax practice. The Summit partners also remind tax pros that they also required by law to use MFA with clients.

In addition to getting a WISP and establishing an action plan in case of a system breach or data theft, the IRS also recommends signing up for a Tax Pro Account. The Summit partners also remind tax pros to report a security event affecting 500 or more people to the FTC as soon as possible, but no later than 30 days from the date of discovery.

Go to National Tax Security Awareness Week 2024 for additional information.

More resources

For more information on preventing tax information theft, visit Security Summit.

Victims of identity theft can visit Identity Theft Central.

Find additional information at Tax Scams.

Get reliable tax information from the following trusted sources: