Sunday October 25, 2020
Five Days to Online Security
American shoppers are expected to set records for online shopping this holiday season. To assist individuals in protecting their online identity, the IRS has published a five-day online security guidance program. This program is designed for National Tax Security Awareness Week on Dec. 2-6, but may be implemented at any time.
- Day 1 – Protect personal and financial information online. Use security software for computers and mobile phones and keep it updated. Protect personal information; do not hand it out to just anyone. Use strong and unique passwords for all accounts. Shop only on secure websites. Look for the “https” in web addresses to verify it is a secure website. Avoid shopping on unsecured, public wi-fi in places like shopping malls. Routinely back up files on computers and mobile phones.
- Day 2 – Learn to recognize phishing emails and phone scams. Email scammers often pose as companies people know and trust and tell an urgent story to trick victims into opening a link or attachment. Watch out for scam phone calls, too. Remember, the IRS does not call demanding payment with threats of jail time or lawsuits. The IRS does not demand immediate payment via gift or debit cards. The IRS does not accept tax payments by iTunes cards. The IRS does not send unsolicited emails about refunds or payments, nor will the IRS request login credentials, Social Security numbers or other sensitive information.
- Day 3 – Create strong passwords to protect online accounts. Password standards have changed. Here are some simple guidelines. Use long phrases combined with characters and numbers. For example: SomethingOneCanRemember@30. Use a different password for each account. Do not use an email address if that is an option. Use an encrypted password manager to keep track of your passwords. Use two-factor authentication whenever it is offered -- for email accounts, financial accounts and social media accounts.
- Day 4 – Recognize clues of identity theft. A taxpayer may be a victim of identity theft if an e-filed return is rejected because a duplicate is already on file with the IRS. Another warning sign to the taxpayer may be that a routine filing extension request is rejected or an unexpected receipt of a tax transcript or IRS notice is received. Failure to receive expected and routine correspondence from the IRS can be an indicator an identity thief has changed the taxpayer's mailing address.
- Day 5 – Tax professionals should review their safeguards. The IRS and the Summit partners urge tax professionals to review the Taxes-Security-Together Checklist. Professionals should deploy basic security measures and create a written data security plan as required by law. Professionals should also know about phishing and phone scams, recognize the signs of client data theft and create a data theft recovery plan.
Published November 22, 2019