The IRS, along with state tax agencies and the nation’s tax industry, held the Security Summit’s 8th annual National Tax Security Awareness week during the week of November 27 – December 1, 2023.
This event is part of the continuing effort of the Security Summit (a coalition of the IRS, States, tax software, and tax professional community) to combat tax-related identity theft by encouraging tax preparers to strengthen their protections against identity theft fraud, raising security awareness for everyone, and providing tips to help them avoid scams.
As the IRS, States, and tax software companies have increased their defenses against identity theft, fraudsters have increasingly looked for additional ways to obtain sensitive personal information in order to commit tax related identity theft by filing fraudulent tax returns. This has made tax preparers a prime target for identity thieves.
This year’s National Security Awareness Week focused on ways that taxpayers and tax preparers can protect themselves from evolving scams and schemes that are designed to steal personal, financial, and tax information. Once identity thieves have this information, they can use it to prepare and file fraudulent business and individual income tax returns.
Here is what the focus was for this year’s National Security Awareness Week:
Tax Preparers Need to Have a Written Information Security Plan and Use Multi-Factor Authentication
The IRS and Security Summit partners continue to remind tax preparers that under the updated Federal Trade Commission standards (FTC Safeguards Rule), tax preparers are required by law to have a Written Information Security Plan (WISP) and to use multi-factor authentication to help protect taxpayer accounts and client information.
To help tax preparers create their WISP, the Security Summit’s Tax Professional team developed a special document – IRS Publication 5708 (Creating a Written Information Security Plan for your Tax & Accounting Practice). This 28-page, easy to understand document was developed by the Security Summit partners. The document begins with the basics and walks a tax preparer through getting started on a plan, including understanding their security compliance requirements and professional responsibilities to protect their clients’ sensitive tax return information.
For more information see the following:
- IRS News Release of November 28, 2023 – Security Summit reminds tax pros about importance of written security plans and data breach response
- IRS News Release of July 18, 2023 – Specially designed Security Summit plan helps tax pros protect data
Clients Must Sign Up For an Identity Protection PIN (IP PIN)
An easy way for taxpayers to help prevent identity thieves from filing a fraudulent income tax return using their personal information is to obtain an IP PIN from the IRS.
The IP PIN program is completely voluntary and is available to anyone with an SSN or an ITIN that can successfully verify their identity. More than 8.1 million taxpayers are now shielding themselves against tax identity theft by having obtained an IP PIN.
Taxpayers who can verify their identities online may opt into the IRS IP PIN program – a tool taxpayers can use to protect themselves – and their tax refund. Here’s what taxpayers need to know:
- The Identity Protection PIN or IP PIN is a six-digit code known only to the individual and the IRS. It provides another layer of protection for taxpayers’ Social Security numbers on tax returns.
- Most taxpayers can use the Get an Identity Protection PIN (IP PIN) tool on the IRS website to obtain an IP PIN for the upcoming 2023 tax season.
- Never share the IP PIN with anyone but a trusted tax provider.
For more details see the following on the IRS website:
- IRS News Release of November 29, 2023 – IRS Identity Protection PIN can help avoid fraud and tax related identity theft
- Publication 5367 –Identity Protection PIN Opt-in Program for Taxpayers
- FAQs About the Identity Protection Personal Identification Number (IP PIN)
Businesses Should Take Steps To Prevent Data Loss and Fraud
The Security Summit partners strongly urge business owners to learn and implement cybersecurity basics in order to protect their businesses and reduce the risk of cyberattacks.
Most cyberattacks are aimed at small businesses with fewer than 100 employees. To protect themselves, businesses should follow the best practices from the Federal Trade Commission advising to:
- Use multi-factor authentication
- Set security software to update automatically
- Back up important files
- Require strong passwords for all devices
- Encrypt devices
Businesses should be alert to phishing email scams, especially scams that attempt to trick employees into opening embedded links or attachments. To keep up-to-date on the latest scams the IRS is seeing, be sure and check out the IRS Tax Scams/Consumer Alerts page.
See the following on the IRS website for more information on what businesses can do to protect themselves:
- IRS News Release of November 30 – Summit partners urge businesses to take steps to prevent data loss, fraud
- Identity Theft Central – Business Section
- Protect Your Clients; Protect Yourself main page
- Protect Your Clients; Protect Yourself – Summer 2023 campaign
Emerging Scams for Tax Preparers and Taxpayers to Watch For
The Security Summit partners want to remind taxpayers and tax preparers to be alert to fake communications posing as legitimate organizations in the tax and financial community, including the IRS and State agencies. The messages can arrive in an unsolicited text or email which are designed to lure unsuspecting individuals to provide their personal and/or financial information that can lead to identity theft. These can include:
- Phishing is an email sent by fraudsters claiming to come from the IRS or another legitimate organization, including state tax organizations or a financial firm. The email lures the victims into the scam by a variety of ruses such as enticing victims with a phony tax refund, or frightening them with false legal/criminal charges for tax fraud.
- Smishing is a text or smartphone SMS message that uses the same technique as phishing. Scammers often use alarming language like, “Your account has now been put on hold,” or “Unusual Activity Report” with a bogus “Solutions” link to restore the recipient’s account. Unexpected tax refunds are another potential target for scam artists.
Other reminders:
- The IRS initiates most contacts through regular mail. Taxpayers should not be getting an unexpected message by email, text, or social media regarding a bill or tax refund from the IRS.
- Never click on any unsolicited communications claiming to be the IRS or others because they may secretly load malware or ransomware onto your computer.
For more information see the following:
- IRS News Release of December 1, 2023 – IRS and Security Summit Partners warn taxpayers, tax professionals to watch out for emerging scams by email, text, phone
- IRS Tax Scams/Consumer Alerts page
See the following on the IRS website for more information on the IRS Security Summit and 2023 National Security Awareness Week campaign:
- Security Summit page
- 2023 National Security Awareness Week page
- IRS Publication 4557 – Safeguarding Taxpayer Data
- Data Theft Information for Tax Professionals
- IRS Publication 5461-D – Tax professionals should review their security protocols
- IRS Publication 5293 – Data Security Resource Guide for Tax Professionals
CrossLink Professional Tax Solutions
CrossLink is the industry’s leading professional tax software solution for high-volume tax businesses. Built based on the needs of busy tax offices and mobile tax preparers that specialize in providing their taxpayer clients with fast and accurate tax returns, CrossLink has been a trusted software solution since 1989. CrossLink’s in-depth tax calculations, advanced technological features, and paperless solutions allow you to prepare the most complicated tax returns with confidence and ease while providing your customers with an unparalleled experience.