Tax Time Guide: Protect personal, financial and tax information

The Internal Revenue Service today urged taxpayers to protect the security of their personal, financial and tax information. Con artists use scams and schemes to steal personal information and money from unsuspecting victims, particularly during tax time.

The Internal Revenue Service today urged taxpayers to protect the security of their personal, financial and tax information. Con artists use scams and schemes to steal personal information and money from unsuspecting victims, particularly during tax time.

This news release is part of a series called the Tax Time Guide, a resource to help taxpayers file an accurate tax return. Additional help is available in Publication 17, Your Federal Income Tax, and the tax reform information page.

The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. The public should be alert to scammers posing as the IRS to steal personal information. There are ways to know if it’s really the IRS calling or knocking on someone’s door.

The IRS also works with the Security Summit, a partnership with state tax agencies and the private-sector tax industry, to help protect taxpayer information and defend against identity theft. Taxpayers and tax professionals can take steps to help in this effort.
​
Protect personal information
Treat personal information like cash – don’t hand it out to just anyone. Social Security numbers, credit card numbers, bank and even utility account numbers can be used to help steal a person’s money or open new accounts. Every time a taxpayer receives a request for personal information, they should think about whether the request is truly necessary. Scammers will do everything they can to appear trustworthy and legitimate.
 
Avoid phishing scams
The easiest way for criminals to steal sensitive data is simply to ask for it. Learn to recognize phishing emails, calls or texts that pose as familiar organizations such as banks, credit card companies or even the IRS. These ruses generally urge taxpayers to give up sensitive data such as passwords, Social Security numbers and bank account or credit card numbers. They are called phishing scams because they attempt to lure the receiver into taking the bait.  
 
Be aware that an unsolicited email with a request to download an attachment or click on a URL could appear to come from someone that you know like a friend, work colleague or tax professional if their email has been spoofed or compromised.
 
Don’t assume internet advertisements, pop-up ads or emails are from reputable companies. If an ad or offer looks too good to be true, take a moment to check out the company behind it. Type the company or product name into a search engine with terms like “review,” “complaint” or “scam.”
 
The IRS urges people to never download “security” software from a pop-up ad. A pervasive ploy is a pop-up ad that indicates it has detected a virus on the computer. Don’t fall for it. The download most likely will install some type of malware. Reputable security software companies do not advertise in this manner. For more information on reporting IRS-related phishing see “Report Phishing” on IRS.gov.
 
Safeguard personal data in daily, online activity
Taxpayers should safeguard their Social Security number. Provide it only when necessary.
 
Provide personal information over reputable, encrypted websites only. Shopping or banking online should be done only on sites that use encryption. People should look for “https” at the beginning of a web address (the “s” stands for secure) and be sure “https” is on every page of the site.
 
Use strong passwords
The longer the password, the tougher it is to crack. Use at least 10 characters; 12 is ideal for most home users. Mix letters, numbers and special characters. Try to be unpredictable – don’t use names, birthdates or common words. Don’t use the same password for many accounts and don’t share them on the phone, in texts or by email. Consider using a passphrase versus a password. Legitimate companies will not send messages asking for passwords. Receiving such a message probably means it’s a scam. Keep passwords in a secure place or use password management software.
 
Set password and encryption protections for wireless networks. If a home or business Wi-Fi is unsecured, it allows any computer within range to access the wireless network and potentially steal information from connected devices.
 
Use security software
An anti-malware program should provide protection from viruses, Trojans, spyware and adware. The IRS urges people, especially tax professionals, to use an anti-malware program and always keep it up to date.
 
Set security software to update automatically so it can be upgraded as threats emerge. Also, make sure the security software is “on” at all times. Invest in encryption software to ensure data at rest is protected from unauthorized access by hackers or identity thieves. Educate children about the threats of opening suspicious web pages, emails or documents.
 
Back up files
No system is completely secure. Copy important files, including federal and state tax returns, onto a removable disc or a back-up drive, and store it in a safe place. Federal and state tax returns are important financial documents. People need them from time to time for home mortgages or college financial aid applications. These steps also can help taxpayers more easily prepare next year’s tax return. If storing sensitive tax and financial records on a personal computer, use a file encryption program to add an additional layer of security.
 
Taxpayers can find answers to questions, forms and instructions and easy-to-use tools online at IRS.gov. They can use these resources to get help when it’s needed at home, at work or on the go.