November 21, 2017

The Internal Revenue Service, state tax agencies and industry organizations like NAEA are marking “National Tax Security Awareness Week” with a series of reminders to encourage both taxpayers and tax professionals to take additional steps to protect their tax data and identities in advance of the 2018 filing season. Cybercriminals are unrelenting in their attacks, using phone and email scams in an attempt to steal and access personal data, including tax and financial accounts.

Below are several tips offered by the IRS to help protect yourself and your business:

  • Be vigilant; be skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, approach with caution. Cybercrooks are adept at mimicking trusted businesses, friends and family. Thieves may have compromised a friend’s email address or they may be spoofing the address with a slight change in text, such as vs In the latter, merely changing the “m” to an “r” and “n” can trick people.
  • Remember, the IRS doesn’t initiate spontaneous contact with taxpayers by email to request personal or financial information. This includes text messages and social media channels. The IRS does not call taxpayers with threats of lawsuits or arrests. No legitimate business or organization will ask for sensitive financial information via email. When in doubt, don’t use hyperlinks and go directly to the source’s main web page.
  • Use security software to protect against malware and viruses. Some security software can help identity suspicious websites that are used by cybercriminals.
  • Use strong passwords to protect online accounts. Each account should have a unique password. Use a password manager if necessary. Criminals count on people using the same password repeatedly, giving crooks access to multiple accounts if they steal a password. Experts recommend a password have a minimum of 10 digits, including letters, numbers and special characters. Longer is better.
  • Use multi-factor authentication when offered. Some online financial institutions, email providers and social media sites offer multi-factor protection for customers. Two-factor authentication means that in addition to entering your username and password, you must enter a security code generally sent as a text to your mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely the crook would also have a victim’s phone.

NAEA and its members are dedicated to following best practices with respect to protecting both their clients and their businesses from any unauthorized access to personal and financial data. We encourage everyone to be extra vigilant and to access the IRS Security Awareness Tax Tips page to keep abreast of new threats and new tips for combating cybercriminals.



James R. Adelman, EA
National Association of Enrolled Agents (NAEA)