It’s often said that computer security is everyone’s business, and now that’s truer than ever. With cybercriminals hatching scams and schemes at every turn, everyone—from taxpayers to tax professionals—has to stay on their guard to secure their computers, tablets, and phones against these cybercrooks.
The Internal Revenue Service works with the members of the Security Summit, made up of IRS and state tax agency officials and tax industry partners, to chart the strategies and methods to best protect taxpayer information and stop identity theft.
One of the best ways to succeed against identity theft is to educate users in the best methods to keep their networks and data safe and out of thieves’ hands.
The Big 10
The Security Summit has come up with 10 tips taxpayers and tax pros can use to minimize their exposure to fraud and identity theft:
- Safeguard personal data. Provide a Social Security number, for example, only when necessary. Only offer personal information or conduct financial transactions on sites that have been verified as reputable, encrypted websites.
- Protect personal information. Treat personal information like cash – don't hand it out to just anyone. Social Security numbers, credit card numbers, bank and even utility account numbers can be used to help steal a person's money or open new accounts.
- Use strong passwords. Use a password phrase or series of words that will be easy for you to remember. Use at least 10 characters; 12 is ideal for most home users. Mix letters, numbers and special characters. Try to be unpredictable – don't use names, birthdates or common words. Don't use the same password for many accounts and avoid sharing them. Keep passwords in a secure place or use password management tools.
- Set password and encryption protections for wireless networks. If a home or business Wi-Fi is unsecured, it allows any computer within range to access the wireless network and potentially steal information from connected devices. Whenever it is an option for a password-protected account, users should also opt for a multi-factor authentication process. Multi-factor authentication is critical to protecting your password.
- Avoid phishing scams. The easiest way for criminals to steal sensitive data is simply to ask for it. IRS urges people to learn to recognize phishing emails, calls or texts that pose as familiar organizations such as banks, credit card companies or even the IRS. Keep sensitive data safe and:
- Be aware that an unsolicited email with a request to download an attachment or click on a URL could appear to come from someone that you know like a friend, work colleague or tax professional if their email has been spoofed or compromised.
- Don't assume internet advertisements, pop-up ads or emails are from reputable companies. If an ad or offer looks too good to be true, take a moment to check out the company behind it.
- Never download "security" software from a pop-up ad. A pervasive ploy is a pop-up ad that indicates it has detected a virus on the computer. The download most likely will install some type of malware. Reputable security software companies do not advertise in this manner.
- Use security software. An anti-virus program should provide protection from viruses, Trojans, spyware and adware. The IRS urges everyone to use an anti-virus program and always keep it up to date. Set security software to update automatically so it can be updated as threats emerge.
- Educate those less experienced about online safety. Children and those with less online experience may not be fully aware of the perils of opening suspicious web pages, emails or documents. Teens and younger users can put themselves at risk by leaving a trail of personal information for con artists to follow.
- Back up files. No system is completely secure. Copy important files, including federal and state tax returns, onto removable discs or back-up drives and cloud storage. Store discs, drives and any paper copies in secure, locked locations.
- Know the risk of public Wi-Fi. Connection to public Wi-Fi is convenient and often free, but it may not be safe. Hackers and cybercriminals can easily steal personal information from these networks. Always use a virtual private network when connecting to public Wi-Fi.
- Review ID Theft Central. Designed to improve online access to information on identity theft, it serves taxpayers, tax professionals and businesses.
A few other points to ponder when it comes to judging if a communication is real or a fraud. The IRS doesn’t use unsolicited email, text messaging, or social media when first contacting taxpayers about personal or financial information.
In most cases, the IRS will first mail a paper bill to someone who owes taxes. That said, the agency will sometimes call or make an in-person visit to taxpayers' home or business "in some special situations."
Remember, scammers posing as the IRS have one goal in mind; they’re trying to steal personal information.
There is, however, help for taxpayers.
There are ways to know if it’s really the IRS calling or knocking on the door. The IRS website, IRS.gov, has answers to questions, forms and instructions, and easy-to-use online tools.
Visit ID Theft Central for more information on thwarting tax-related identity theft.