Washington — The Internal Revenue Service today urged small businesses and other payers to check out the agency’s newly-revised backup withholding publication, now available on IRS.gov.

Publication 1281, Backup Withholding for Missing and Incorrect Name/TIN(s), posted last month on IRS.gov, has been updated to reflect a key change made by the Tax Cuts and Jobs Act (TCJA). As a result of this change, effective Jan. 1, 2018, the backup withholding tax rate dropped from 28 percent to 24 percent.

In general, backup withholding applies in various situations including, but not limited to, when a taxpayer fails to supply their correct taxpayer identification number (TIN) to a payer. Usually, a TIN is a Social Security number (SSN), but in some instances, it can be an Employer Identification Number (EIN), Individual Taxpayer Identification Number (ITIN) or Adoption Taxpayer Identification Number (ATIN). Backup withholding also applies, following notification by the IRS, where a taxpayer underreported interest or dividend income on their federal income tax return.

Publication 1281 is packed with useful information designed to help any payer required to impose backup withholding on any of their payees. Among other things, the publication features answers to 34 frequently asked questions (FAQs). One of them, Q/A 34, points out that a payer who mistakenly backup withheld at an incorrect rate (such as the old 28-percent tax rate, rather than the new 24-percent rate), need not refund the difference to the payee. However, a payer who chooses to refund the difference must do so before the end of the year and can then make appropriate adjustments to their federal tax deposits.

When backup withholding applies, payers must backup withhold tax from payments not otherwise subject to withholding. Payees may be subject to backup withholding if they:

  • Fail to give a TIN,
  • Give an incorrect TIN,
  • Supply a TIN in an improper manner,
  • Underreport interest or dividends on their income tax return, or
  • Fail to certify that they’re not subject to backup withholding for underreporting of interest and dividends.

Backup withholding can apply to most kinds of payments reported on Form 1099, including:

  • Interest payments;
  • Dividends;
  • Patronage dividends, but only if at least half of the payment is in money;
  • Rents, profits or other income;
  • Commissions, fees or other payments for work performed as an independent contractor;
  • Payments by brokers and barter exchange transactions;
  • Payments by fishing boat operators, but only the portion that’s in money and represents a share of the proceeds of the catch;
  • Payment card and third-party network transactions; and
  • Royalty payments.

Backup withholding also may apply to gambling winnings that aren’t subject to regular gambling withholding.

To stop backup withholding, the payee must correct any issues that caused it. They may need to give the correct TIN to the payer, resolve the underreported income and pay the amount owed, or file a missing return. The Backup Withholding page,  Publication 505, Tax Withholding and Estimated Tax and Publication 1335, Backup Withholding Questions and Answers have more information.

Payers report any backup withholding on Form 945, Annual Return of Withheld Federal Income Tax. The 2018 form is due Jan. 31, 2019. For more information about depositing backup withholding taxes, see Publication 15, Employer’s Tax Guide. Payers also show any backup withholding on information returns, such as Forms 1099, that they furnish to their payees and file with the IRS.

Like regular federal income tax withholding, a payee can claim credit for any backup withholding when they file their 2018 federal income tax return.

For updates on this and other TCJA provisions, visit IRS.gov/taxreform.

Source: https://www.irs.gov/newsroom/reduced-24-percent-withholding-rate-applies-to-small-businesses-and-other-payers-revised-backup-withholding-publication-features-helpful-faqs

WASHINGTON —The Treasury Department and the Internal Revenue Service today issued proposed regulations and other published guidance for the new Opportunity Zone tax incentive.

Opportunity Zones, created by the 2017 Tax Cuts and Jobs Act, were designed to spur investment in distressed communities throughout the country through tax benefits. Under a nomination process completed in June, 8,761 communities in all 50 states, the District of Columbia and five U.S. territories were designated as qualified Opportunity Zones. Opportunity Zones retain their designation for 10 years. Investors may defer tax on almost any capital gain up to Dec. 31, 2026 by making an appropriate investment in a zone, making an election after December 21, 2017, and meeting other requirements.

The proposed regulations clarify that almost all capital gains qualify for deferral. In the case of a capital gain experienced by a partnership, the rules allow either a partnership or its partners to elect deferral. Similar rules apply to other pass-through entities, such as S corporations and their shareholders, and estates and trusts and their beneficiaries.

Generally, to qualify for deferral, the amount of a capital gain to be deferred must be invested in a Qualified Opportunity Fund (QOF), which must be an entity treated as a partnership or corporation for Federal tax purposes and organized in any of the 50 states, D.C. or five U.S. territories for the purpose of investing in qualified opportunity zone property.

The QOF must hold at least 90 percent of its assets in qualified Opportunity Zone property (investment standard). Investors who hold their QOF investment for at least 10 years may qualify to increase their basis to the fair market value of the investment on the date it is sold.

The proposed regulations also provide that if at least 70 percent of the tangible business property owned or leased by a trade or business is qualified opportunity zone business property, the requirement that “substantially all” of such tangible business property is qualified opportunity zone business property can be satisfied if other requirements are met. If the tangible property is a building, the proposed regulations provide that “substantial improvement” is measured based only on the basis of the building (not of the underlying land).

In addition to the proposed regulations, Treasury and the IRS issued an additional piece of guidance to aid taxpayers in participating in the qualified Opportunity Zone incentive. Rev. Rul. 2018-29 provides guidance for taxpayers on the “original use” requirement for land purchased after 2017 in qualified opportunity zones. They also released Form 8996, which investment vehicles will use to self-certify as QOFs.

More information on Opportunity Zones, including answers to frequently-asked questions, is on the Tax Reform page of IRS.gov. The Tax Reform page will also feature updates on the implementation of this and other TCJA provisions.

Click here for complete list of Opportunity Zones.

Source: https://www.irs.gov/newsroom/treasury-irs-issue-proposed-regulations-on-new-opportunity-zone-tax-incentive

WASHINGTON — The Information Reporting Program Advisory Committee (IRPAC) today issued its annual report for 2018 including numerous recommendations to the Internal Revenue Service on new and continuing issues in tax administration.

The report includes a discussion on how to implement and/or improve processes such as those for the Change of Business Master File Entity Addresses, E-Signature for Form W-9 as well as the Tax Cuts and Jobs Act.

The report also recommended enhancements to the Filing Information Returns Electronically (FIRE) System, Practitioner ID and Internal Revenue Code 6050S and Form 1098-T Reporting. During 2018, the committee continued its dialogue with IRS officials regarding reporting requirements under the Foreign Account Tax Compliance Act (FATCA) and the Affordable Care Act (ACA) and made extensive recommendations regarding both programs.

These recommendations are discussed in detail in the full 2018 IRPAC Public Report, available on IRS.gov.

Commissioner Chuck Rettig and senior IRS leaders also thanked four members of the committee ending their terms this year:

  • Kevin Sullivan – Sullivan is managing director and tax executive at Bank of America where he is the head of U.S. Information Reporting Advisory in the Global Tax Policy group. In this capacity, he manages a team of tax advisors responsible for U.S. withholding and information reporting advisory throughout Bank of America Merrill Lynch.
  • Kelli Wooten – Wooten is a managing director with KPMG LLP. She advises both multinational corporations and financial institutions on their compliance with information reporting and withholding rules such as the FATCA and the Common Reporting Standard (CRS).
  • Terry Edwards – Edwards is director of information reporting consulting with Wells Fargo Bank. He has been a member of the American Bankers Association’s Information Reporting Committee since 2009 and chair of the committee in 2015 and 2016.
  • Laura Burke – Burke has been a tax professional for over 17 years. She is an enrolled agent, provides tax resolution solutions and prepares tax returns for individual, corporate, partnership, LLC series, estate and not-for-profit taxpayers. She has managed a Volunteer Income Tax Assistance (VITA) site and is a lead instructor.

IRPAC is a federal advisory committee that provides an organized public forum for discussion of information reporting issues. It is comprised of a diverse cross-section of individuals drawn from the tax professional community, financial institutions, small and large businesses, universities and colleges and securities and payroll firms.

Source: https://www.irs.gov/newsroom/information-reporting-program-advisory-committee-issues-2018-annual-report

WASHINGTON — The Electronic Tax Administration Advisory Committee (ETAAC) today released its annual report, featuring numerous recommendations on a range of issues in electronic tax administration.

The Committee presented the report at a public meeting to IRS Acting Commissioner David Kautter.

“The ETAAC works closely with the Security Summit in the fight against identity theft and refund fraud,” Kautter said. “The group’s advice is important to our efforts to improve tax administration, and the IRS looks forward to reviewing the recommendations.”

ETAAC exists in support of the goal that paperless filing should be the preferred and most convenient method of filing tax and information returns. This is the Committee’s second annual report since it was realigned and expanded to focus on refund fraud and cybersecurity.

While the ETAAC makes recommendations to the IRS, it works in conjunction with the Security Summit, a joint effort of the IRS, state tax administrators, tax software providers, tax professionals and financial services firms to fight fraud. Summit efforts have resulted in sharp declines in the number of taxpayer reports of identity theft and refund fraud.

ETAAC members represent various segments of the tax community, including tax professionals, tax software developers, large and small businesses, employers and payroll service providers, individual taxpayers and consumer advocates, the financial industry and state and local governments.

The 2018 report Electronic Tax Administration Advisory Committee Annual Report to Congress, is available on IRS.gov.

Source: https://www.irs.gov/newsroom/electronic-tax-administration-advisory-committee-issues-2018-annual-report

The IRS, state tax agencies and the nation’s tax industry joined together to warn small businesses to be on-guard against a growing wave of identity theft against employers.

Small business identity theft is a big business for identity thieves. Just like individuals, businesses may have their identities stolen and their sensitive information used to open credit card accounts or used to file fraudulent tax refunds for bogus refunds.

The Internal Revenue Service, state tax agencies and the private-sector tax community — partners in the Security Summit — are marking “National Tax Security Awareness Week” with a series of reminders to taxpayers and tax professionals. The week concludes with warnings about small business identity theft.

In the past year, the Internal Revenue Service has noted a sharp increase in the number of fraudulent Forms 1120, 1120S and 1041 as well as Schedule K-1. The fraudulent filings apply to partnerships as well as estate and trust forms.

Identity thieves are displaying a sophisticated knowledge of the tax code and industry filing practices as they attempt to obtain valuable data to help file fraudulent returns. Security Summit partners have expanded efforts to better protect business filers and to better identify suspected identity theft returns.

Identity thieves have long made use of stolen Employer Identification Numbers (EINs) to create fake Forms W-2 that they would file with fraudulent individual tax returns. Fraudsters also used EINs to open new lines of credit or obtain credit cards. Now, they are using company names and EINs to file fraudulent returns.

As with fraudulent individual returns, there are certain signs that may indicate identity theft. Business, partnerships and estate and trust filers should be alert to potential identity theft and contact the IRS if they experience any of these issues:

  • Extension to file requests are rejected because a return with the Employer Identification Number or Social Security number is already on file;
  • An e-filed return is rejected because of a duplicate EIN/SSN is already on file with the IRS;
  • An unexpected receipt of a tax transcript or IRS notice that doesn’t correspond to anything submitted by the filer.
  • Failure to receive expected and routine correspondence from the IRS because the thief has changed the address.

New Procedures to Protect Business in 2018

The IRS, state tax agency and software providers also share certain data points from returns, including business returns, that help identify a suspicious filing. The IRS and states also are asking that business and tax practitioners provide additional information that will help verify the legitimacy of the tax return.

For 2018, these “know your customer” procedures are being put in place that include the following questions:

  • The name and SSN of the company executive authorized to sign the corporate tax return. Is this person authorized to sign the return?
  • Payment history – Were estimated tax payments made? If yes, when were they made, how were they made, and how much was paid?
  • Parent company information – Is there a parent company? If yes, who?
  • Additional information based on deductions claimed
  • Filing history – Has the business filed Form(s) 940, 941 or other business-related tax forms?

Sole proprietorships that file Schedule C and partnerships filing Schedule K-1 with Form 1040 also will be asked to provide additional information items, such as a driver’s license number. Providing this information will help the IRS and states identify suspicious business-related returns.

For small businesses looking for a place to start on security, the National Institute of Standards and Technology (NIST) produced Small Business Information Security: The Fundamentals. NIST is the branch of the U.S. Commerce Department that sets information security frameworks followed by federal agencies.

The United States Computer Emergency Readiness Team (US-CERT) has Resources for Small and Midsize Businesses. Many secretaries of state also provide resources on business-related identity theft as well.

The IRS, state tax agencies and the tax industry are working together to fight against tax-related identity theft and to protect business and individual taxpayers. Everyone can help. Take steps recommended by cyber experts and visit the Identity Protection: Prevention, Detection and Victim Assistance for information about business-related identity theft.

Source: https://www.irs.gov/newsroom/national-tax-security-awareness-week-no-5-small-businesses-be-alert-to-identity-theft

The IRS, state tax agencies and private-sector tax groups warned the nation’s business, payroll and human resource communities about a growing W-2 email scam that threatens sensitive tax information held by employers.

These emails may start with a simple, “Hey, you in today?” and, by the end of the exchange, all of an organization’s Forms W-2 for their employees may be in the hands of cybercriminals. This puts workers at risk for tax-related identity theft.

The W-2 scam has emerged as one of the most dangerous and successful phishing attacks as hundreds of employers and tens of thousands of employees fell victim to the scheme in the past year. This scam is such a threat to taxpayers that a special IRS reporting process has been established.

The Internal Revenue Service, state tax agencies and the tax community — partners in the Security Summit — are marking “National Tax Security Awareness Week” with a series of reminders to taxpayers and tax professionals. In part four, the topic is the W-2 scam.

Because the Security Summit partners have successfully made inroads into stopping stolen identity refund fraud, criminals now need more information to file a fraudulent return. That means they need more accurate data about taxpayers, causing them to target tax practitioners, payroll professionals and employers. The Form W-2 contains income and withholding information necessary to file a tax return.

All employers are at risk. In 2017, the W-2 scam made victims of businesses large and small, public schools and universities, as well as tribal governments, charities and hospitals. The scam, which grows larger each year, will likely make the rounds again in 2018.

The Security Summit warns employers – in public and private sectors – to beware of this scheme and to educate employees, especially those in human resources and payroll departments who are often the first targets.

This is an example of a business email compromise or business email spoofing in which the thief poses as a company executive, school official or someone of authority within the organization. The crook will send an email to one employee with payroll access, requesting a list of all employees and their Forms W-2. The thief may even specify the format in which he wants the information. The subject line has hundreds of variations along the lines of “review,” “manual review” or “request.”

Because payroll officials believe they are corresponding with an executive, it may take weeks for someone to realize a data theft has occurred. Generally, the criminals are trying to quickly take advantage of their theft, sometimes filing fraudulent tax returns within a day or two.

Because of the W-2 scam’s threat to tax administration for both federal and state governments, a special reporting process has been established to quickly alert the IRS and state tax agencies. Detailed reporting steps may be found at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.

Here’s an abbreviated list of how to report these schemes:

  • Email dataloss@irs.gov to notify the IRS of a W-2 data loss and provide contact information. In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.
  • Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.
  • Businesses/payroll service providers should file a complaint with the FBI’s Internet Crime Complaint Center (IC3.gov). Businesses/payroll service providers may be asked to file a report with their local law enforcement agency.
  • Notify employees so they may take steps to protect themselves from identity theft. The Federal Trade Commission’s www.identitytheft.gov provides guidance on general steps employees should take.
  • Forward the scam email to phishing@irs.gov.

Employers are urged to put steps and protocols in place for the sharing of sensitive employee information such as Forms W-2. One example would be to have two people review any distribution of sensitive W-2 data or wire transfers. Another example would be to require a verbal confirmation before emailing W-2 data. Employers also are urged to educate their payroll or human resources departments about these scams.

As part of the Security Summit effort, the IRS, state tax agencies and the tax industry working together to fight against tax-related identity theft and to protect taxpayers. Everyone can help. Be alert and guard against the W-2 scam.

Taxpayers are also encouraged to visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers, to learn more.

Source: https://www.irs.gov/newsroom/national-tax-security-awareness-week-no-4-employers-payroll-officials-avoid-the-w-2-email-scam

The number of data breaches was already on a record pace for 2017 before the reported theft of nearly 145 million Americans’ names, addresses and Social Security numbers brought the issue to the forefront.

Every day, data thefts large and small put people’s personal and financial information at risk. There are steps that data theft victims may take to protect their financial accounts and their identities once cybercriminals have their names and other sensitive information.

The Internal Revenue Service, state tax agencies and the tax community — partners in the Security Summit — are marking “National Tax Security Awareness Week” with a series of reminders to taxpayers and tax professionals. Today, the topic is data breaches.

In the first half of 2017, the number of data breaches increased by 29 percent, to a record 791 incidents, according to Identity Theft Resource Center (ITRC) and CyberScout, which sponsored the report. For the past five years, ITRC has tracked data breaches in five key sectors.

Generally, thieves want to take advantage of the stolen data as quickly as possible. That may mean selling the data on the Dark Web for use by other criminals. It may mean the crook tries to access financial accounts for withdrawals or credit cards for charges. It may also mean a thief quickly files a fraudulent tax return in victims’ names for a refund.

Those Who’re Victims Should Consider These Steps:

  • If possible, learn what information was compromised. Was it emails and passwords or more sensitive data such as name and Social Security number?
  • Take advantage of any credit monitoring offers made by the company that was breached.
  • Place a freeze on credit accounts to prevent access to credit records. There may be a fee for requesting one. This varies by state. At a minimum, place a fraud alert on credit accounts by contacting one of the three major credit bureaus. A fraud alert on credit records is not as secure as a freeze, but a fraud alert is free.
  • Reset passwords on online accounts, especially financial, email and social media accounts. Experts recommend at least 10-digit passwords, mixing letters, numbers and special characters. Use different passwords for each account. Use a password manager, if necessary.
  • Use two-factor authentication wherever it is offered on financial, email and social media accounts. Two-factor authentication requires entry of a username and password and then a security code, generally sent via text to a mobile phone you’ve pre-registered.

The scale of the credit bureau breach, which was reported this summer, has prompted many questions, especially about how a victim’s taxes may be affected. Because of the work by the Security Summit, more protections are in place to protect taxpayers from tax-related identity theft. Thieves will need more than a name, address, birth data and SSN to file a fraudulent tax return.

Tips for the 2018 Tax Season; Will Filing Early Help?

The IRS reminds taxpayers that they should file their tax return as early as they can, but not before they are sure they have all the proper information and supporting Forms W-2 and 1099. Taxpayers should always file an accurate tax return. Filing before all information is received puts taxpayers at risk of needing to file an amended tax return, paying interest or penalties or even receiving an IRS notice or audit.

The IRS and states have put many new defenses in place to help protect taxpayers from identity theft. The new IRS protections have worked well to protect taxpayers, and some key indicators of identity theft on tax returns have dropped by around two-thirds since 2015.

These protections are especially helpful if criminals only have names, addresses and SSNs – which was the information stolen in recent incidents. However, there are continuing concerns that cybercriminals will try to build on this basic information by trying to obtain more specific financial details from taxpayers and tax professionals to help them file fraudulent tax returns.

In addition, no one yet knows what thieves may do with information from the data breaches. The Summit partners believe cybercriminals will increasingly look to steal more detailed information from taxpayers, tax professionals and businesses to help file a fraudulent tax return. The volume of victims means everyone – the tax agencies, tax professionals and taxpayers – must be vigilant going into the 2018 tax filing season and be alert to any unusual activity.

Here Are a Few Signs of Tax-Related Identity Theft:

  • An electronically filed tax return rejects because a return with the taxpayer’s SSN already has been filed;
  • Taxpayers receive a letter from the IRS asking them to confirm whether they submitted a tax return being held for review;
  • Taxpayers receive a notice from the IRS indicating that they owe additional tax, have a refund offset or have a collection action for a year in which they did not file a tax return;
  • Taxpayers receive a notice from the IRS that they received wages from an employer for whom the taxpayer did not work.

Taxpayers should file a Form 14039, Identity Theft Affidavit, only if their return rejects because a return using their SSN already has been filed or if told to do so by the IRS. This form is how taxpayers report that they are an identity-theft victim.

The IRS stops the vast majority of fraudulent returns. Each year, the IRS stops returns it deems suspicious and asks the filer to verify whether they filed the return. The IRS will send a notice asking taxpayers to confirm whether they filed the return.

The IRS, state tax agencies and the tax industry are working together to fight against tax-related identity theft and to protect taxpayers. Everyone can help. Visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers, to learn more.

Source: https://www.irs.gov/newsroom/national-tax-security-awareness-week-no-3-victims-of-data-breaches-should-consider-these-steps

With the approach of the holidays and the 2018 filing season, the IRS, state tax agencies and the nation’s tax industry urge people to be on the lookout for new, sophisticated email phishing scams that could endanger their personal information and next year’s tax refund.

The most common way for cybercriminals to steal bank account information, passwords, credit cards or Social Security numbers is to simply ask for them. Every day, people fall victim to phishing scams that cost them their time and their money.

Those emails urgently warning users to update their online financial accounts – they’re fake. That email directing users to download a document from a cloud-storage provider? Fake. Those other emails suggesting the recipients have a $64 tax refund waiting at the IRS or that the IRS needs information about insurance policies – also fake. So are many new and evolving variations of these schemes.

The Internal Revenue Service, state tax agencies and the tax community — partners in the Security Summit — are marking “National Tax Security Awareness Week” with a series of reminders to taxpayers and tax professionals. In part two, the topic is avoiding phishing scams.

Phishing attacks use email or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. Often, recipients are fooled into believing the phishing communication is from someone they trust. A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data.

The scams may contain emails with hyperlinks that take users to a fake site. Other versions contain PDF attachments that may download malware or viruses.

Some phishing emails will appear to come from a business colleague, friend or relative. These emails might be an email account compromise. Criminals may have compromised your friend’s email account and begin using their email contacts to send phishing emails.

Not all phishing attempts are emails – some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card.

Phishing attacks, especially online phishing scams, are popular with criminals because there is no fool-proof technology to defend against them. Users are the main defense. When users see a phishing scam, they should ensure they don’t take the bait.

Here are a few steps to take:

  • Be vigilant; be skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, approach with caution. Cybercrooks are adept at mimicking trusted businesses, friends and family. Thieves may have compromised a friend’s email address or they may be spoofing the address with a slight change in text, such as name@example.com vs narne@example.com. In the latter, merely changing the “m” to an “r” and “n” can trick people.
  • Remember, the IRS doesn’t initiate spontaneous contact with taxpayers by email to request personal or financial information. This includes text messages and social media channels. The IRS does not call taxpayers with threats of lawsuits or arrests. No legitimate business or organization will ask for sensitive financial information via email. When in doubt, don’t use hyperlinks and go directly to the source’s main web page.
  • Use security software to protect against malware and viruses. Some security software can help identity suspicious websites that are used by cybercriminals.
  • Use strong passwords to protect online accounts. Each account should have a unique password. Use a password manager if necessary. Criminals count on people using the same password repeatedly, giving crooks access to multiple accounts if they steal a password. Experts recommend a password have a minimum of 10 digits, including letters, numbers and special characters. Longer is better.
  • Use multi-factor authentication when offered. Some online financial institutions, email providers and social media sites offer multi-factor protection for customers. Two-factor authentication means that in addition to entering your username and password, you must enter a security code generally sent as a text to your mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely the crook would also have a victim’s phone.

The IRS, state tax agencies and the tax industry are working together to fight against tax-related identity theft and to protect taxpayers. Everyone can help. Visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers, to learn more.

During the online holiday shopping season, the IRS, state tax agencies and the tax industry remind people to be vigilant with their personal information. While shopping for gifts, criminals are shopping for credit card numbers, financial account information, Social Security numbers and other sensitive data that could help them file a fraudulent tax return.

Anyone who has an online presence should take a few simple steps that could go a long way to protecting their identity and personal information.

The Internal Revenue Service, state tax agencies and the tax community, partners in the Security Summit, are marking “National Tax Security Awareness Week”, Nov. 27-Dec. 1, with a series of reminders to taxpayers and tax professionals. In part one, the topic is online security.

Cybercriminals seek to turn stolen data into quick cash, either by draining financial accounts, charging credit cards, creating new credit accounts or even using stolen identities to file a fraudulent tax return for a refund.

Here are seven steps to help with online safety and protecting tax returns and refunds in 2018:

  • Shop at familiar online retailers. Generally, sites using the “s” designation in “https” at the start of the URL are secure. Look for the “lock” icon in the browser’s URL bar. But remember, even bad actors may obtain a security certificate so the “s” may not vouch for the site’s legitimacy.
  • Avoid unprotected Wi-Fi. Beware purchases at unfamiliar sites or clicks on links from pop-up ads. Unprotected public Wi-Fi hotspots also may allow thieves to view transactions. Do not engage in online financial transactions if using unprotected public Wi-Fi.
  • Learn to recognize and avoid phishing emails that pose as a trusted source such as those from financial institutions or the IRS. These emails may suggest a password is expiring or an account update is needed. The criminal’s goal is to entice users to open a link or attachment. The link may take users to a fake website that will steal usernames and passwords. An attachment may download malware that tracks keystrokes.
  • Keep a clean machine. This applies to all devices – computers, phones and tablets. Use security software to protect against malware that may steal data and viruses that may damage files. Set it to update automatically so that it always has the latest security defenses. Make sure firewalls and browser defenses are always active. Avoid “free” security scans or pop-up advertisements for security software.
  • Use passwords that are strong, long and unique. Experts suggest a minimum of 10 characters but longer is better. Avoid using a specific word; longer phrases are better. Use a combination of letters, numbers and special characters. Use a different password for each account. Use a password manager, if necessary.
  • Use multi-factor authentication. Some financial institutions, email providers and social media sites allow users to set accounts for multi-factor authentication, meaning users may need a security code, usually sent as a text to a mobile phone, in addition to usernames and passwords. For added protection, some financial institutions also will send email or text alerts when there is a withdrawal or change to the account. Generally, users can check account profiles at these locations to see what added protections may be available.
  • Encrypt and password-protect sensitive data. If keeping financial records, tax returns or any personally identifiable information on computers, this data should be encrypted and protected by a strong password. Also, back-up important data to an external source such as an external hard drive. And, when disposing of computers, mobile phones or tablets, make sure to wipe the hard drive of all information before trashing.

There are also a few additional steps people can take a few times a year to make sure they have not become an identity theft victim.

Receive a free credit report from each of the three major credit bureaus once a year. Check it to make sure there are no unfamiliar credit changes. Create a “My Social Security” account online with the Social Security Administration. There users can see how much income is attributed to their SSN. This can help determine if someone else is using the SSN for employment purposes.

The IRS, state tax agencies and the tax industry are committed to working together to fight against tax-related identity theft and to protect taxpayers. But the Security Summit needs help. People can take steps to protect themselves online. Visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers, to see what can be done.

Source: https://www.irs.gov/newsroom/national-tax-security-awareness-week-no-1-online-security-seven-steps-for-safety