Internal Revenue Service | Nesteggg Accounting

With millions of people logging in to websites and online accounts this holiday season, the IRS and the Security Summit partners remind taxpayers that common mistakes can increase their of risk having sensitive financial and tax data stolen by identity thieves.

The Internal Revenue Service, state tax agencies and the nation’s tax industry remind taxpayers that using strong passwords and keeping them secure are critical steps to preventing thieves from stealing identities, money or using the information to file a fraudulent tax return.

“Taking a few simple steps to protect your passwords can help protect your money and your sensitive financial information from identity thieves, which is critically important as tax season approaches” said IRS Commissioner Chuck Rettig. “Protecting your information makes it harder for an identity thief to file a fraudulent tax return in your name.”

Password protection is the focus of Day 3 of National Tax Security Awareness Week. For the fourth year in a row, the IRS, state tax agencies and the nation’s tax industry – working together as the Security Summit – are highlighting the holiday period as a time to remember important safety tips everyone should take to protect their sensitive tax and financial data.

The week continues through Dec. 6 with a series of special educational efforts taking place at more than 25 partner events across the country to raise awareness about protecting taxpayers and tax professionals from identity theft. The week includes special social media efforts on platforms including Twitter and Instagram, including a special Twitter chat on @IRSnews and #TaxSecurity on Thursday.

Strong passwords protect online accounts and digital devices from data theft. But there have been some important changes many people can overlook.

In recent years, cybersecurity experts’ recommendations on what constitutes a strong password has changed. They now suggest that people use word phrases that are easy to remember rather than random letters, characters and numbers that cannot be easily recalled.

For example, experts previously suggested something like “PXro#)30,” but now suggest a longer phrase like “SomethingYouCanRemember@30.” By using a phrase, users don’t have to write down their password and expose it to additional risk. Also, people may be more willing to use strong, longer passwords if it’s a phrase rather than random characters that are harder to remember.

Protecting access to digital devices is so critical that some now feature fingerprint or facial recognition technology, but passwords remain common for many people.

Given the sensitivity of many of these online accounts, people should consider these passwords tips to protect devices or online accounts:

Use a minimum of eight characters; longer is better.
Use a combination of letters, numbers and symbols in password phrases, i.e., UsePasswordPhrase@30.
Avoid personal information or common passwords; use phrases instead.
Change default or temporary passwords that come with accounts or devices.
Do not reuse or update passwords. For example, changing Bgood!17 to Bgood!18 is not good enough; use unique usernames and passwords for accounts and devices.
Do not use email addresses as usernames if that is an option.
Store any password list in a secure location, such as a safe or locked file cabinet.
Do not disclose passwords to anyone for any reason.
When available, a password manager program can help track passwords for numerous accounts.

Whenever it is an option for a password-protected account, users also should opt for a multi-factor authentication process. Many email providers, financial institutions and social media sites now offer customers two-factor authentication protections.

Two-factor authentication helps by adding an extra layer of protection. Often two-factor authentication means the returning user must enter their credentials (username and password) plus another step, such as entering a security code sent via text to a mobile phone. Another example is confirming “yes” to a text to the phone that users are accessing the account on.

The idea behind multi-factor authentication is that a thief may be able to steal usernames and passwords, but it’s highly unlikely they also would have access to the mobile phone to receive a security code or confirmation to actually complete the log-in process.

Remember: the IRS will never ask for passwords. And watch out for phishing emails posing as trusted companies seeking passwords.

The IRS, state tax agencies, the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the third in a week-long series of tips to raise awareness about identity theft. See IRS.gov/SecuritySummit for details.

WASHINGTON — As part of its ongoing efforts to protect taxpayers from identity thieves, the Internal Revenue Service today announced it will stop its tax transcript faxing service in June and will amend the Form 4506 series to end third-party mailing of tax returns and transcripts in July.

Tax transcripts are summaries of tax return information. Transcripts have become increasingly vulnerable as criminals impersonate taxpayers or authorized third parties. Identity thieves use tax transcripts to file fraudulent returns for refunds that are difficult to detect because they mirror a legitimate tax return.

The halt to the faxing and third-party service this summer are two more steps the IRS is taking to protect taxpayer data. In September 2018, the IRS began to mask personally identifible information for every individual and entity listed on the transcript. See New Tax Transcript and Customer File Number. At that time, the IRS announced it intended to stop its faxing and third-party mailing service, and has since worked with tax professionals to assure they have what they need for tax preparation and representation.

Faxing service ends June 28

Starting June 28, 2019, the IRS will stop faxing tax transcripts to both taxpayers and third parties, including tax professionals. This action affects individual and business transcripts.

Individual taxpayers have several options to obtain a tax transcript. They may:

Use IRS.gov or the IRS2Go app to access Get Transcript Online; after verifying their identities, taxpayers may immediately download or print their transcript, or
Use IRS.gov or the IRS2Go app to access Get Transcript by Mail; transcript will be delivered within 10 days to the address of record, or
Call 800-908-9946 for an automated Get Transcript by Mail feature, or
Submit Form 4506-T or 4506T-EZ to have a transcript mailed to the address of record.Tax professionals also have several options to obtain tax transcripts necessary for tax preparation or representation as follows:
Request that the IRS mail a transcript to the taxpayer’s address of record, or
Use e-Services’ Transcript Delivery System online to obtain masked individual transcripts and business transcripts, or
Obtain a masked individual transcript or a business transcript by calling the IRS, faxing authorization to the IRS assistor and the IRS assistor will place the document in the tax practitioner’s e-Services secure mailbox.
When needed for tax preparation purposes, tax practitioners may:
- Obtain an unmasked wage and income transcript by calling the IRS, faxing authorization to the IRS assistor and the IRS assistor will place the document in the tax practitioner’s e-Services secure mailbox, or
- Obtain an unmasked wage and income transcript if authorization is already on file by using e-Service’s Transcript Delivery System.

Certain third-party mailings stop July 1

Effective July 1, 2019, the IRS will no longer provide transcripts requested on Form 4506, Form 4506-T and Form 4506T-EZ to third parties, and the forms will be amended to remove the option for mailing to a third-party. These forms are often used by lenders and others to verify income for non-tax purposes. Among the largest users are colleges and universities verifying income for financial aid purposes. Tax professionals also are large volume users.

Taxpayers may continue to use these forms to obtain a copy of their tax return or obtain a copy of their tax transcripts. This change will NOT affect use of the IRS Data Retrieval Tool through the Free Application for Federal Student Aid (FAFSA) process.

Third parties who use these forms for income verification have other alternatives. The IRS offers an Income Verification Express Service (IVES) which has several hundred participants, who, with proper authorization, order transcripts. Lenders or higher education institutions can either contract with existing IVES participants or become IVES participants themselves. The tax transcript is an official IRS record. Taxpayers may choose to provide transcripts to requestors instead of authorizing the third party to request these transcrpts from the IRS on their behalf.

Tax professionals who are attorneys, Certified Public Accountants or Enrolled Agents (i.e., Circular 230 practitioners) and do not have an e-Services account may create one and, with proper authorization from clients, can access the e-Services’ Transcript Delivery System. Unenrolled tax practitioners must have an e-File application on file and be listed as delegated users to access TDS.

Customer File Number helps match transcripts

Because the taxpayer’s name and Social Security number are now partially masked, the IRS also created a Customer File Number space that can be used to help third parties match transcripts to taxpayers. Third parties can assign a Customer File Number, such as a loan application number or a student identification number. The number will populate on the transcript and help match it to the client/student. Learn more about the Customer File Number at About the New Tax Transcript and the Customer File Number

National Tax Security Awareness Week: Creating strong passwords can protect taxpayers from identity theft

IRS takes additional steps to protect taxpayer data; plans to end faxing and third-party mailings of certain tax transcripts

Stay Connected

Get in Touch

constant contact