The IRS recently summarized highlights from the 7th Annual National Tax Security Awareness Week. This event, which is a joint effort sponsored by the Security Summit partners (the “Summit partners,” comprised of the IRS, state tax administrators, and the tax software and tax professional community), raises awareness of security issues to help protect taxpayers and the nation’s tax system from identity theft and tax refund-related fraud.
Identity thieves often seek to steal personal financial information by targeting taxpayers who shop online or by sending fraudulent emails and texts. To protect against these threats, the Summit partners encourage taxpayers to avoid online shopping on unsecured public WiFi networks and to use strong and unique passwords for online accounts. See IRS News Release IR-2022-204 here for more information on important online safety considerations.
Scammers regularly use fake charities to trick taxpayers who decide to donate into surrendering money and sensitive personal information. The Summit partners remind taxpayers that they should not donate to any charity that asks donors to wire funds or by entering numbers from a gift card. Prospective donors should only donate to a charity after doing their own research to ensure that the charity is legitimate, and should be wary of purported charities that represent they have an urgent need for donors to make an immediate payment.
Most significantly, day three of National Tax Security Awareness Week focused on the need for tax professionals to protect and safeguard their clients’ sensitive information. Under the federal Gramm Leach Bliley Act, tax professionals are required to develop a written information security plan (“WISP”) that is scaled to their firm’s size and type of operation. To promote compliance, the Summit partners created a document (accessible here) to help tax professionals develop their own WISPs. The Summit partners also developed a “Taxes-Security-Together” checklist to help practitioners identify basic cybersecurity measures to implement at their firms, which included the following “Security Six” measures:
- Use anti-virus software for all digital products, computers, and mobile phones, and ensure software is set to update automatically to keep systems secure,
- Use firewalls,
- Enable multi-factor authentication (“MFA”) whenever it is offered, so as to protect online accounts,
- Back up sensitive files (especially client data) to secure external sources,
- Encrypt data, and
- Use a virtual private network (“VPN”).
The Summit partners also encouraged taxpayers to take advantage of the IRS’s Identity Protection Personal Identification Number (“IP PIN”) program through which taxpayers are assigned a six-digit number to help prevent the misuse of their Social Security or Individual Taxpayer Identification Numbers. Taxpayers will be able to obtain an IP PIN by using the IRS’s Get an IP PIN tool, which is scheduled to become available on January 9, 2023.
Businesses that suspect that they may have been a victim of tax-related identity theft should file Form 14039-B, Business Identity Theft Affidavit, which enables the IRS to respond to the potential theft and work with the business to resolve problems created by fraudulent tax returns. A business should file Form 14039-B if it receives any of the following notices from the IRS:
- A rejection notice for an electronically filed return because a return has already been filed for the same period,
- A notice about a tax return that the business did not file,
- A notice about Forms W-2 filed with the Social Security Administration that the business did not file,
- A notice of a balance due that the business or its accountants know is not owed.
View highlights from the Tax Security Awareness Week, IRS Tax Tip 2022-187, here.