Cybersecurity, Policies and Training

Tax Season Scams and Online Safety Tips

Tax season can be a stressful time for many Americans, and while scams are prevalent year-round, there is often a greater proliferation during tax time. Scammers are waiting for you to slip up so they can steal your personal information, money, and identity. The National Cybersecurity Alliance and the Internal Revenue Service (IRS) want to help you stay safe online while filing your taxes with these best practices, tips, and resources.

Before You Get Started

  • Enable multi-factor authentication (MFA): Use MFA wherever possible. It will fortify your online accounts by creating an extra layer of security, such as a unique one-time code sent to your phone. Most major email and online tax preparation services have this tool available.
  • Install a password manager: Remembering unique passwords for accounts is difficult. Store your log-in credentials in a password manager. Password managers will automatically populate your username and password upon log in, and even recommend strong new passwords for each account.
  • Update software: Before filing your taxes at home or work, be sure that all internet-connected devices—including PCs, smartphones, and tablets—are running the most current versions of software to improve the performance and security of your devices.
  • Know your IP PIN: An Identity Protection PIN (IP PIN) is a six-digit number that prevents someone else from filing a tax return using your Social Security number. The IP PIN is known only to you and the IRS and helps verify your identity when you file your electronic or paper tax return. Protect your IP PIN as you would other sensitive information.

Watch Out for Scams

Unsolicited emails, calls, texts, or direct messages that prompt you to click on a link or share valuable personal and financial information are very likely scams. With your personal data, online thieves can swindle funds and/or commit identity theft. Learn how to recognize a scam with the following tips:

What do real IRS communications look like?

Contact from the IRS is typically initiated via the U.S. Postal Service. Be skeptical of any phone calls, emails, social media messages, or texts claiming to be from the IRS, or other government agencies. They will only call once they have established a line of communication with you via physical mail first.

The IRS will not demand you make an immediate payment to a source other than the U.S. Treasury. Unscrupulous callers claiming to be federal employees can be very convincing by using fake names or phony ID numbers. If you are unsure if the caller is legitimate, hang up, look up the direct number for the agency online, and call that source to verify.

Other red flags

  • Requests for data: Be wary of any communications that ask you to provide personal information such as bank account information, Social Security numbers, log-in credentials, or mailing addresses.
  • Urgency: The sender uses an abnormal sense of urgency, or other scare tactics, to obtain information.
  • Attachments: The message includes an attachment, such as a PDF. Never open attachments from a suspicious or unknown email address. It may download malware or viruses onto your device.

Did you spot a scam? Report it.

Reporting phishing helps prevent future phishing attempts and protect others. Report IRS, Treasury, or other scam attempts to the following agencies:

Working with Tax Preparers

Do your research

Vet your tax preparer before handing over sensitive information and ask what steps they take to protect your information. Businesses of all sizes are susceptible to cyberthieves, so it is critical to choose a preparer who takes security seriously.

Choose the right tax preparer

Be selective about who you choose to file your taxes. Consider asking them the following questions:

  • How will we exchange files and sensitive information?
  • Who at your firm has access to my data?
  • Are our communications end-to-end encrypted?
  • What types of network security have you implemented?
  • How do you back up client data?

Securely send documents

The most secure way of transferring documents is physically, either handing them to your tax preparer in person or sending them through the mail. However, if you must transfer them electronically, be sure to do it as securely as possible: Encrypt your files before sending them via email. Encryption protect the content from being read by entities other than the intended recipients. Encryption features are available on most major email platforms. Use a secure portal to upload documents. Portals encrypt documents during transfer and storage and limit access to only approved individuals.

Back it up

Protect your valuable documents by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to backing up your data:

Keep at least three (3) copies of your data: Store two (2) backup copies on different storage media, With one (1) of them located offsite.

Additional resources

Resources for tax professionals