IR-2020-32, February 14, 2020
WASHINGTON — The IRS and its Security Summit partners today called on tax professionals and taxpayers to use the free, multi-factor authentication feature being offered on tax preparation software products.
Already, nearly two dozen tax practitioner firms have reported data thefts to the IRS this year. Use of the multi-factor authentication feature is a free and easy way to protect clients and practitioners' offices from data thefts. Tax software providers also offer free multi-factor authentication protections on their Do-It-Yourself products for taxpayers.
"The IRS, state tax agencies and the private-sector tax industry have worked together as the Security Summit to make sure the multi-factor authentication feature is available to practitioners and taxpayers alike," said Kenneth Corbin, Commissioner of the IRS Wage and Investment division. "The multi-factor authentication feature is simple to set up and easy to use. Using it may just save you from the financial pain and frustration of identity theft."
Multi-factor authentication means returning users must enter their username/password credentials plus another data point that only they know, such as a security code sent to their mobile phone. For example, thieves may steal passwords but will be unable to access the software accounts without the mobile phones to receive the security codes.
Multi-factor authentication protections are now commonly offered by financial institutions, email providers and social media platforms to protect online accounts. Users should always opt for multi-factor authentication when it is offered but especially with tax software products because of the sensitive data held in the software or online accounts.
The IRS reminded tax professionals to beware of phishing scams that are commonly used by thieves to gain control of their computers. Thieves may claim to be a potential client, a cloud storage provider, a tax software provider or even the IRS in their effort to trick tax professionals to download attachments or open links. These scams often have an urgent message, implying there are issues with the tax professionals' accounts that need immediate attention.
The IRS also reminds tax professionals that they can track the number of returns filed with their Electronic Filing Identification Number (EFIN) on a weekly basis. This helps ensure EFINS are not being misused. Simply go to e-Services, access the EFIN application and select EFIN status to see a weekly total of returns filed using the EFIN. If there are excessive returns, contact the IRS immediately.
Taxpayers can learn more about identity theft and how to protect themselves at Identity Theft Central on IRS.gov.
Tax professionals can learn more about protecting data, signs of theft or reporting data thefts Identity Theft Information for Tax Professionals. Also, Publication 4557, Safeguarding Taxpayer Data (PDF), provides a comprehensive overview of steps to protect computer systems and client data.