IRS, States and Tax Prep Companies Launch Security Awareness Campaign for Taxpayers

Tax Law and News Security

The Internal Revenue Service is beginning the next round of its battle against tax-related identity theft by debuting a public awareness campaign to persuade more taxpayers to safeguard their personal information, in conjunction with tax preparation companies and state tax authorities.

The new public awareness campaign—known as “Taxes. Security. Together.”—was announced Thursday during a meeting of the Security Summit, an effort the IRS organized earlier this year, bringing together state tax officials with major tax prep chains and tax software vendors. The campaign will provide important tips and reminders by email, Tax Tips and YouTube videos to taxpayers to keep their personal information safe.

“This is a powerful partnership,” said IRS commissioner John Koskinen. “We’ve made a great deal of progress for the upcoming tax season, and it shows just how much we can accomplish working together. But to keep making progress, there is another partner we need to bring on board, and that’s the taxpaying public.”

The education campaign will complement the expanded series of protections the IRS, states and tax industry are putting in place for the start of the 2016 filing season to address tax-related identity theft.

The campaign will continue through the April tax deadline. Besides emails and videos, the joint consumer campaign includes local events across the country. Several IRS publications have been added or updated to help taxpayers and tax professionals. The information will also be shared across IRS.gov, state web sites and platforms used by the tax software community and others in the tax community.

“The governments and industry are taking new steps to protect taxpayers,” said David Sullivan, tax administrator for the Rhode Island Division of Taxation and immediate past president of the Federation of Tax Administrators. “To build on this even further, we are joining forces to share important information across our websites—whether it’s at the state level, in the tax industry or at the IRS. This is an unprecedented collaborative effort for tax administration.”

Increasingly sophisticated identity thieves have gained access to extensive amounts of personal and financial data, which they buy and sell on the black market. They use this data to file fraudulent tax returns using victims’ names and Social Security numbers. While the IRS, states and tax industry are taking new steps to toughen their systems to protect taxpayers, there are also steps taxpayers can take on their own.

“People handle some of their most sensitive personal and financial information when they prepare their taxes on their home computer,” said Bernie McKay, an executive vice president at Intuit, one of more than 20 members of the tax industry participating in the Summit process. “But when they sit down, we want to help make sure they are preparing their taxes on a device that is secure. Tax time is two months away, but it’s not too early for people to make sure they are doing the right things to protect themselves.”

The IRS, states and tax industry are urging the public to take active steps to protect themselves. The partners are encouraging people to:

  • Use security software to protect computers. This includes a firewall and antivirus protection. If tax returns or sensitive data are stored on the computers, encrypt the files. Use strong passwords.
  • Beware of phishing emails and phone scams. A common way for identity thieves to steal names and Social Security numbers, passwords, credit card numbers, bank account information is to simply ask for it. Clever criminals pose as trusted organizations that you recognize and send spam emails, calls or texts. Their email may ask you to update a bank account or tax software account and provide a link that to a fake website that is designed solely to steal your login information. They may call posing as the IRS threatening you with jail or lawsuits unless you make an immediate payment. They may provide an attachment which, if you download, will infect your machine and enable the thief to access sensitive files or track your keystrokes.
  • Protect personal information. Do not routinely carry your Social Security number. Properly dispose of old tax returns and other sensitive documents by shredding before trashing. Check your credit reports and Social Security Administration accounts at least annually to ensure no one is using your good credit or using your SSN for employment. Oversharing on social media also gives identity thieves even more personal details.

Koskinen acknowledged that regular internet users are often reminded of the commonsense steps they need to protect their security. “But there are 150 million households that file taxes, and problems still happen,” he added. “Security software still gets turned off. And there are still, on a regular basis, victims who are tricked by these clever phishing schemes. Not only can this harm the individuals attacked, this can have a direct impact on tax administration.”

The partners are asking all tax preparers and businesses to share information with employees, clients and customers (see http://www.irs.gov/taxessecuritytogether for more information). They are also calling attention to IRS Publication 4524, Security Awareness for Taxpayers, which provides a brief overview of steps people can take.

In March, Koskinen convened a meeting of IRS, state tax officials and the tax industry to determine what additional steps could be taken. On Oct. 20, the Security Summit participants provided an update to the public.

For the 2016 filing season, there will be new standards for logging onto all tax software products such as minimum password requirements, new security questions and standard lockout features. The software industry will provide more than 20 additional data elements from the tax return submission to the IRS and, in turn, to the states to help identify fraudulent returns. All parties agreed to information sharing on a weekly basis to help quickly identify and adjust to new and emerging tax-related fraud schemes.

The IRS will also continue to work to help victims of identity theft and pursue criminals using identity information to file fraudulent tax returns. IRS Criminal Investigation has worked on thousands of identity theft cases. Since 2013, nearly 2,000 identity thieves have been convicted, with the average sentence running well over three years.

Koskinen pointed out that the holiday season is an especially vulnerable time for many taxpayers.

“More than 90 percent of these tax returns are prepared on a laptop, desktop or even a smartphone – whether they’re done by an individual or a tax preparer,” he said. “This is a massive amount of sensitive data that identity thieves would love to get access to. We want to make it harder for these criminals to succeed, and to do that, everyone needs to be actively safeguarding their personal data, whether on their personal devices or in their personal interactions. Now, many of the steps we’re talking about are basic, common sense actions people can take to protect themselves. But these steps can’t be stressed often enough. With 150 million households, someone right now is clicking on an email link they shouldn’t, or skipping an important computer security update, leaving them vulnerable to hackers. This is why the timing of our campaign today is so important. The holiday season is approaching. Tax season is coming up. People are online, people are getting new devices. It’s an incredibly busy period involving huge amounts of financial and tax data being shared. People need to be aware of steps they can take. As the holidays approach, people should be making sure their friends and family are aware as well. I think we all know someone who may be tech-challenged in some way.”

Julie McGee, State Revenue Commissioner of Alabama, played a voice mail she had received the previous day from someone impersonating an IRS agent threatening her for not paying taxes. “One thing we’ve learned is that criminals are very good at mimicking taxpayers,” she said. “You can make it harder for criminals to hijack your identity by not falling for dangerous phishing and email schemes. It’s easy to do because they are everywhere and they appear to be from trusted sources.”