Security Summit focuses special week on identity theft to protect taxpayers, tax professionals as holiday and tax seasons approach

IR-2022-202, November 18, 2022

WASHINGTON — The Internal Revenue Service, along with state tax agencies and the nation's tax industry, today announced a special week focusing attention on empowering taxpayers to protect sensitive financial information against identity thieves as the holidays and the 2023 tax season get closer.

Now in its seventh year, the annual National Tax Security Awareness Week takes place from November 28 - December 2. The event is part of a larger effort that continues by the Security Summit, the coalition of the IRS, the states and the nation's tax software and tax professional community. The group formed in 2015 to combat tax-related identity theft by strengthening protections against fraud and raising security awareness.

With the holidays and tax season approaching, the Summit partners warned taxpayers and tax professionals to take extra steps to protect their financial and tax information. People face a heightened risk in coming months as fraudsters take advantage of the holiday season to trick people into sharing sensitive personal information by email, text message and online. Identity thieves use that information to try to file tax returns and steal refunds.

To help combat this, the Summit partner's National Tax Security Awareness Week will feature a week-long series of educational materials to help protect individuals, businesses and tax professionals from identity theft. The effort will include a November 29 webinar titled Deeper Dive Into Emerging Cyber Crimes and Crypto Tax Compliance, special informational graphics and a social media effort on Twitter, Facebook and YouTube. Follow @IRSTaxSecurity, @IRSnews and #TaxSecurity on Twitter for the latest information.

"Taxpayers and tax professionals need to remain vigilant for increasingly sophisticated scams that look to steal sensitive financial information," said IRS Acting Commissioner Doug O'Donnell. "The Security Summit effort focuses on highlighting simple steps that small businesses and people in all walks of life can take to protect their information, helping them avoid problems at tax time."

The IRS and Summit partners continue to see constantly evolving threats and scams. They mimic IRS and others in the tax community through fake emails, texts and online scams. These schemes frequently use recent tragedies or charitable groups to coax people into sharing sensitive financial data.

"The heightened risk to taxpayers poses a real threat. The criminals continue to evolve and are always looking for opportunities to fraudulently obtain this information," said Neena Savage, President of the Board of Trustees for the Federation of Tax Administrators and Tax Administrator for Rhode Island. "We urge everyone to take the steps necessary to protect their sensitive information, which simultaneously helps strengthen the joint work conducted by the states, the IRS and the tax industry through the Security Summit partnership."

As Security Summit partners increased their joint defenses against identity theft in recent years, including through the Identity Theft Information Sharing and Analysis Center (ISAC), fraudsters have increasingly looked for ways to obtain sensitive personal financial information to help slip past common defenses. That has made tax professionals – who hold valuable tax information for their clients – a tempting target for scam artists.

"The innovative Summit partnership between the public and private sectors has created important protections against tax-related identity theft,' said Julie Magee, Tax Regulatory Lead at Cash App Taxes and an original member of the Security Summit who currently serves as the group's communications co-chair. "This collaborative effort continues to thwart identity thieves, helping protect taxpayers and tax professionals while also safeguarding the federal and state tax systems essential to running our nation."

With International Fraud Awareness Week underway through November 19 this year, the Security Summit offers a preview of the upcoming National Tax Security Awareness Week that begins November 28.

National Tax Security Awareness Week 2022 highlights

Cyber Monday: Protect personal and financial information online

The IRS and the Security Summit partners remind people to take these basic steps when shopping online:

  • Use security software for computers and mobile phones – and keep it updated.
  • Make sure anti-virus software for computers has a feature to stop malware, and that there is a firewall enabled that can prevent intrusions.
  • Use strong and unique passwords for all accounts.
  • Use multi-factor authentication whenever possible.
  • Shop only secure websites; look for the "https" in web addresses and the padlock icon; avoid shopping on unsecured and public Wi-Fi in places like coffee shops, malls or restaurants.

Tax professionals should review their security protocols

As identity thieves continue targeting tax professionals, the IRS and the Summit partners urge practitioners to review the "Taxes-Security-Together" Checklist, including:

  • Deploy basic security measures.
  • Use multi-factor authentication to protect tax software accounts.
  • Create a Virtual Private Network if working remotely.
  • Create a written data security plan as required by federal law.
  • Know about phishing and phone scams.
  • Create data security and data theft recovery plans.

Get an Identity Protection PIN

Taxpayers who can verify their identities online may opt into the IRS IP PIN program – a tool taxpayers can use to protect themselves – and their tax refund. Here's what taxpayers need to know:

  • The Identity Protection PIN or IP PIN is a six-digit code known only to the individual and the IRS. It provides another layer of protection for taxpayers' Social Security numbers on tax returns.
  • Use the Get an Identity Protection PIN (IP PIN) tool at IRS.gov/ippin to immediately get an IP PIN.
  • Never share the IP PIN with anyone but a trusted tax provider.

Businesses should watch out for tax-related scams and implement safeguards

Most cyberattacks are aimed at small businesses with fewer than 100 employees. Some details from this segment include:

  • Learn about best security practices for small businesses.
  • IRS continues protective masking of sensitive information on business transcripts.
  • A Business Identity Theft Affidavit, Form 14039-B, is available for businesses to report theft to the IRS.
  • Beware of various scams, especially the W-2 scam that attempts to steal employee income information.
  • Check out the "Business" section on IRS's Identity Theft Central.

Earlier this year, the Protect Your Clients; Protect Yourself campaign encouraged tax professionals to focus on fundamentals and to watch out for emerging vulnerabilities for those practitioners using cloud-based services for their practice.

Additional resources

In addition to reviewing IRS Publication 4557, Safeguarding Taxpayer DataPDF, tax professionals can also get help with security recommendations by reviewing Small Business Information Security: The FundamentalsPDF by the National Institute of Standards and Technology. The IRS Identity Theft Central pages for tax pros, individuals and businesses have important details as well.

The IRS and Security Summit partners also share YouTube videos on security steps for taxpayers. The videos can be viewed or downloaded at Easy Steps to Protect Your Computer and Phone and Security Measures Help Protect Against Tax-Related Identity Theft.

Employers can share Publication 4524, Security Awareness for TaxpayersPDF, with their employees and customers and tax professionals can share with clients.