IRS YouTube Video:

New Security Measures Help Protect Against Tax-Related Identity Theft  English

WASHINGTON – The IRS, state tax agencies and the tax industry marked the final day of National Tax Security Awareness Week with a warning to all tax professionals that they face additional challenges from cybercriminals seeking to exploit COVID-19 fears.

The partners, working together as the Security Summit, today closed a week-long effort to heighten awareness about identity theft and data security measures among taxpayers, businesses and tax practitioners. This was the fifth annual National Tax Security Awareness Week.

“When the Security Summit formed five years ago to fight identity thieves it was clear that the IRS, the state and industry could not be successful without the help of taxpayers and tax professionals. Everyone has a role to play in protecting sensitive financial data,” said IRS Commissioner Chuck Rettig. “We’ve made tremendous progress in the past five years, but we still have work to do. The coronavirus and the increase in teleworking creates new ways for these sophisticated cybercriminals to scam people out of their money or their sensitive tax and financial information.”

As the IRS and Security Summit partners took important steps to strengthen defenses against cybercriminals, identity thieves increasingly turned to tax professionals, targeting their offices and systems. Data thefts from tax professionals can provide valuable information to thieves trying to file fraudulent tax returns.

The Summit partners remind all tax professionals to review their security measures. IRS Publication 4557, Safeguarding Taxpayer Data, provides practitioners with a starting point for basic steps to protect clients.

The Security Summit also created the “Taxes-Security-Together” Checklist to help tax practitioners identify the basic steps they should take. As more tax preparers work from home or remote locations because of COVID-19, these measures are even more critical for securing tax data.

Basic protections - the ‘Security Six’ measures
These easy steps can make a big difference, both for tax pros and taxpayers:

Use multi-factor authentication to protect tax accounts
In 2021, all online tax preparation products for tax professionals will include an option for using multi-factor authentication. The Security Summit urges all tax professionals to use this option. Multi-factor authentication may not be available on all over the counter, hard-disk products.

Of the numerous data thefts reported to the IRS from tax professional offices this year, most could have been avoided had the practitioner used multi-factor authentication to protect tax software accounts.

Practitioners can download to their mobile phones readily available authentication apps offered through Google Play or the Apple Store. These apps will generate a security code. Codes also may be sent to practitioner's email or text but the IRS notes those are not as secure as the authentication apps. Use a search engine for "Authentication apps" to learn more.

Virtual private networks to protect remote sites
A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network. As teleworking or working from home continues during COVID-19, VPNs are critical to protecting and securing internet connections.

Failing to use VPNs can add risks to remote takeovers by cyberthieves, giving criminals access to the tax professional's entire office network simply by accessing an employee's remote internet.

Tax professionals should seek out cybersecurity experts whenever possible. Practitioners can also search for "Best VPNs" to find a legitimate vendor, or major technology sites often provide lists of top services. Remember, never click on a "pop-up" ad that’s marketing a security product. Those generally are scams.

Phishing scams, including COVID-19 and Economic Impact Payments
Phishing emails generally have an urgent message, such as “your account password expired.” They direct you to an official-looking link or attachment. But the link may take you to a fake site made to appear like a trusted source, where it requests your username and password. Or, the attachment may contain malware, which secretly downloads software that tracks keystrokes and allows thieves to eventually steal all the tax pro's passwords.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning to all organizations to educate employees, especially those teleworking, about increased activity related to phishing scams.

The IRS often sees thieves posing as potential clients, trying to trick tax pros into opening an embedded link or attachment. Scams involving COVID-19 and the Economic Impact Payments also have been prevalent.

Protect yourself: The need for a security plan and data theft plan
The IRS and Security Summit partners remind tax professionals that federal law requires them to have a written information security plan. Federal law gives the Federal Trade Commission enforcement authority over this provision. Practitioners can learn more about the FTC’s “Safeguards Rule” from IRS Publication 4557.

In addition to the required information security plan, tax pros also should consider an emergency response plan should they experience a breach and data theft. This time-saving step should include contact information for the IRS Stakeholder Liaisons who are the first point of contact for data theft reporting to the IRS and to the states.

IRS Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov, including the reporting processes.

The IRS, state tax agencies, the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the last of a week-long series of tips to raise awareness about identity theft. See IRS.gov/securitysummit for more details.

The latest IRS executive column, “A Closer Look,” features information about how the IRS continues to focus on ensuring integrity and fairness in our nation’s voluntary tax system despite the challenges  of COVID-19. “Taxpayers who exercise their best efforts to file their tax returns and pay their taxes, or enter into agreements to pay their taxes, deserve to know that the IRS is pursuing others who have failed to satisfy their filing and payment obligations,” explains Eric Hylton, Commissioner, Small Business Self-Employed. Continue reading here. It’s also available in Spanish here.

“A Closer Look” is a column from IRS executives that covers a variety of timely issues of interest to taxpayers and the tax community. It also provides a detailed look at key issues affecting everything from IRS operations and employees to issues involving taxpayers and tax professionals.

Check here for prior posts and new updates.

Revenue Ruling 2020-28 provides the interest rates for the first quarter of 2021. The rates for interest determined under Section 6621 of the code for the calendar quarter beginning January 1, 2021, will be 3 percent for overpayments (2 percent in the case of a corporation), 3 percent for underpayments, and 5 percent for large corporate underpayments. The rate of interest paid on the portion of a corporate overpayment exceeding $10,000 will be 0.5 percent.

Revenue Ruling 2020-28 will be in IRB: 2020-52, dated December 21, 2020.

WASHINGTON – The Internal Revenue Service today announced that interest rates will remain the same for the calendar quarter beginning Jan. 1, 2021.  The rates will be: 

Under the Internal Revenue Code, the rate of interest is determined on a quarterly basis.  For taxpayers other than corporations, the overpayment and underpayment rate is the federal short-term rate plus 3 percentage points. 

Generally, in the case of a corporation, the underpayment rate is the federal short-term rate plus 3 percentage points and the overpayment rate is the federal short-term rate plus 2 percentage points. The rate for large corporate underpayments is the federal short-term rate plus 5 percentage points. The rate on the portion of a corporate overpayment of tax exceeding $10,000 for a taxable period is the federal short-term rate plus one-half (0.5) of a percentage point.

The interest rates announced today are computed from the federal short-term rate determined during Oct. 2020 to take effect Nov. 1, 2020, based on daily compounding.

Revenue Ruling 2020-28, announcing the rates of interest, is attached and will appear in Internal Revenue Bulletin 2020-52, dated Dec. 21, 2020.

WASHINGTON — The Internal Revenue Service today reminded employers that they must file Form W-2 and other wage statements by Feb. 1, 2021, to avoid penalties and help the IRS prevent fraud.

A 2015 law made it a permanent requirement that employers file copies of their Form W-2, Wage and Tax Statements, and Form W-3, Transmittal of Wage and Tax Statements, with the Social Security Administration by Jan. 31. That is also the date the Forms W-2 are due to workers. This upcoming tax season, however, Jan. 31 falls on a Sunday, pushing the due dates to the next business day, which is Monday, Feb. 1.

Certain Forms 1099-MISC, Miscellaneous Income and Forms 1099-NEC, Nonemployee Compensation, are also normally due to taxpayers on Jan. 31, but this tax season they too will be due on the next business day, Feb. 1, 2021. Various other due dates related to Form 1099-MISC, including dates dues to the IRS, can be found in the instructions on IRS.gov.

Helping fraud detection

The normal January filing date for wage statements means that the IRS can more easily detect refund fraud by verifying income that individuals report on their tax returns. Employers can help support that process, and avoid penalties, by filing the forms on time and without errors. The IRS recommends e-file as the quickest, most accurate and convenient way to file these forms.

Start early

Good preparation now can help businesses avoid problems later. For instance, employers can get an early start verifying or updating employee information like names, addresses and Social Security numbers or Individual Taxpayer Identification Numbers. They should also ensure their company’s account information is current and active with the Social Security Administration before January. Businesses should also order paper Forms W-2 early if needed. 

Automatic extensions of time to file Forms W-2 are not available. The IRS will only grant extensions for very specific reasons. Details can be found on the instructions for Form 8809, Application for Time to File Information Returns.

For more information, read the instructions for Forms W-2 & W-3 and the Information Return Penalties page at IRS.gov.

IRS YouTube Video:
New Security Measures Help Protect Against Tax-Related Identity Theft  English

WASHINGTON – The Internal Revenue Service, state tax agencies and the tax industry urged businesses to be on guard as thieves try to use their stolen names and data to file fraudulent tax returns.

The partners, operating cooperatively as the Security Summit to fight identity theft, marked the fourth day of National Tax Security Awareness Week with a warning to businesses to enact the strongest measures possible to protect their data and systems. The IRS also is planning additional steps to help businesses combat cybercriminals trying to steal their data.

“As the IRS and our partners have strengthened our security standards, identity thieves have looked for new ways to find sources of information, and businesses need to stay alert,” said IRS Commissioner Charles Rettig. “Businesses, just like individuals, can be victims of identity theft. Thieves may steal enough information to file a business tax return for refund or use other scams using the company’s identity.” 

More than 70% of cyberattacks are aimed at businesses with 100 or fewer employees. Thieves may be targeting credit card information, the business identity information or employee identity information.

Business are encouraged to follow best practices from the Federal Trade Commission include:

More information is available at FTC’s Cybersecurity for Small Businesses.

Businesses should especially be alert to any COVID-19 or tax-related phishing email scams that attempt to trick employees into opening embedded links or attachments. IRS related scams may be sent to phishing@irs.gov.

Starting Dec. 13, 2020, the IRS will begin masking sensitive information from business tax transcripts, the summary of corporate tax returns, to help prevent thieves from obtaining identifiable information that would allow them to file fake business tax returns.

Only financial entries will be fully visible. All other information will have varying masking rules. For example, only the first four letters of each first and last name – of individuals and businesses – will display. Only the last four digits of the Employer Identification Number will be visible.

The IRS also has publicly launched the Form 14039-B, Business Identity Theft Affidavit, that will allow companies to proactively report possible identity theft to the IRS when, for example, the e-filed tax return is rejected.

Businesses should file the Form 14039-B if it receives a:

This form will enable the IRS to respond to the business much faster than in the past and work to resolve issues created by a fraudulent tax return. Businesses should not use the form if they experience a data breach but see no tax-related impact. For more information, see Identity Theft Central’s Business section.

Although the tax scams can come and go, all employers should remain alert to Form W-2 theft schemes. In the most common version, a thief poses as a high-ranking company executive who emails payroll employees and asks for a list of employees and their W-2s. Businesses often don’t know they’ve been scammed until a fraudulent return shows up in employees’ names.

There is a special reporting procedure for employers who experience the W-2 scam. It also may be found at Identity Theft Central’s Business section.

Finally, Security Summit partners urge businesses to keep their EIN application information current. Changes of address or responsible party may be reported using Form 8822-B. Reminder: Changes in the responsible party must be reported to the IRS within 60 days. Current information can help the IRS find a point of contact to resolve identity theft and other issues.

The IRS, state tax agencies, the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the third in a week-long series of tips to raise awareness about identity theft. See IRS.gov/securitysummit for more details.

IRS YouTube Video:
New Security Measures Help Protect Against Tax-Related Identity Theft  English

WASHINGTON – As part of the Security Summit effort, the Internal Revenue Service announced today that starting in January the Identity Protection PIN Opt-In Program will be expanded to all taxpayers who can properly verify their identities.

The Summit partners, including state tax agencies, the nation’s tax industry and the IRS, marked the third day of the National Tax Security Awareness Week by urging taxpayers who want the proactive protection against identity theft to opt into the Identity Protection PIN program in 2021.

The IP PIN is a six-digit number assigned to eligible taxpayers to help prevent the misuse of their Social Security number on fraudulent federal income tax returns. An IP PIN helps the IRS verify a taxpayer’s identity and accept their electronic or paper tax return. The online Get An IP PIN tool at IRS.gov/IPPIN immediately displays the taxpayer’s IP PIN.

“When you have this special code, it prevents someone else from filing a tax return with your Social Security number,” said IRS Commissioner Chuck Rettig. “The fastest way to get an Identity Protection PIN is to use our online tool but remember you must pass a rigorous authentication process. We must know that the person asking for the IP PIN is the legitimate taxpayer.”

The online tool uses Secure Access authentication which uses several different ways to verify a person’s identity. Before using the “Get an IP PIN” tool, the IRS encourages taxpayers to review the requirements at IRS.gov/SecureAccess.

For those who cannot pass Secure Access authentication, there are alternatives. Taxpayers with incomes of $72,000 or less and with access to a telephone should complete Form 15227 and mail or fax it to the IRS. An IRS assistor will call the taxpayer to verify their identity with a series of questions. For additional security reasons, taxpayers who pass authentication will receive an IP PIN the following tax year.

Taxpayers who cannot verify their identities remotely or who are ineligible to file a Form 15227 may make an appointment, visit a Taxpayer Assistance Center and bring two forms of picture identification. Because this is an in-person identity verification, an IP PIN will be mailed to the taxpayer within three weeks.

Taxpayers who obtain an IP PIN should never share their code with anyone but their trusted tax provider. The IRS will never call to request the taxpayer’s IP PIN, and taxpayers must be alert to potential IP PIN scams.

Here’s what taxpayers need to know about the IP PIN before applying:

There is no change in the IP PIN program for confirmed victims of tax-related identity theft. Those taxpayers should still file a Form 14039 if their e-filed tax return rejects because of a duplicate SSN filing. The IRS will investigate their case and once the fraudulent tax return is removed from their account, confirmed victims automatically will receive an IP PIN via postal mail at the start of the next calendar year.

IP PINs will be mailed annually to confirmed victims only and participants enrolled prior to 2019. Because of security risks, confirmed identity theft victims cannot opt out of the IP PIN program. Confirmed victims also can use the Get an IP PIN tool to retrieve lost IP PINs assigned to them.

The IRS, state tax agencies, the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the third in a week-long series of tips to raise awareness about identity theft. See IRS.gov/securitysummit for more details.

On this Giving Tuesday, taxpayers are reminded there’s a special tax deduction available through Dec. 31, 2020 for the many people who give cash donations up to $300 to qualifying charities. Continue reading here or for Spanish here.

“A Closer Look” is a column from IRS executives that covers a variety of timely issues of interest to taxpayers and the tax community. It also provides a detailed look at key issues affecting everything from IRS operations and employees to issues involving taxpayers and tax professionals.

Check here for prior posts and new updates.

IRS YouTube Video:
New Security Measures Help Protect Against Tax-Related Identity Theft  English

WASHINGTON – The Internal Revenue Service, state tax agencies and the tax industry today marked the second day of National Tax Security Awareness Week by announcing an improved feature that will be available on all 2021 online tax preparation products.

Designed to protect both taxpayers and tax professionals, multi-factor authentication means the returning user must enter two pieces of data to securely access an account or application. For example, taxpayers must enter their credentials (username and password) plus a numerical code sent as a text to their mobile phone.

The agreement to add the multi-factor authentication feature is just one publicly visible example of the ongoing collaboration by the IRS, state tax agencies and the tax industry, which work together as the Security Summit. 2020 marks the fifth year of the Security Summit and of National Tax Security Awareness Week.

“Multi-factor authentication option is an easy, free way to really step up protection of your data whether you’re a taxpayer or a tax professional,” said Chuck Rettig, IRS Commissioner. “This is an important step being taken by the tax software industry. This is just one example of the many actions taken by the Summit partners over the past five years that have dramatically improved our ability to combat identity thieves and to protect taxpayers.”

Some online products previously offered multi-factor authentication. However, for 2021 all providers agreed to make it a standard feature and all agreed that it would meet requirements set by the National Institute of Standards and Technology. Multi-factor authentication may not be available on over-the-counter hard disk tax products.

Because the multi-factor authentication option is voluntary, Summit partners urged both taxpayers and tax professionals to use it. Multi-factor authentication can reduce the likelihood of identity theft by making it difficult for thieves to get access to sensitive accounts.

Users should check the security section in their online tax product account to make the change. It may be labeled as two-factor authentication or two-step verification or similar names.

Use of multi-factor authentication is especially important for tax professionals who continue to be prime targets of identity thieves. Of the numerous data thefts reported to the IRS from tax professional offices this year, most could have been avoided had the practitioner used multi-factor authentication to protect tax software accounts.

Thieves use a variety of scams – but most commonly by a phishing email – to download malicious software, such as keystroke software. This malware will eventually enable them to steal all passwords from a tax pro. Once the thief has accessed the practitioner's networks and tax software account, they will complete pending taxpayer returns, alter refund information and use the practitioner's own e-filing and preparer numbers to file the fraudulent return – a dangerous combination.

However, with multi-factor authentication, it's unlikely the thief will have stolen the practitioner's cell phone — blocking the ability to receive the necessary security code to access the account. This protects the tax pro's account information.

There are multiple options for multi-factor authentication. For example, taxpayers and tax practitioners can download an authentication app to their mobile device. These apps are readily available through Google Play or Apple’s App Store. Once properly configured, these apps will generate a temporary, single-use security code, which the user must enter into their tax software to complete authentication. Use a search engine for "Authentication apps" to learn more.

Other options include codes that may be sent to practitioner's email or mobile phone via text but those are not as secure as an authentication app.

While no product is fool-proof, multi-factor authentication does dramatically reduce the likelihood that taxpayers or tax practitioners will become victims. Multi-factor authentication should be used wherever it is offered. For example, financial accounts, social media accounts, cloud storage accounts and popular email providers all offer multi-factor authentication options.

The IRS, state tax agencies, the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the second in a week-long series of tips to raise awareness about identity theft. See IRS.gov/securitysummit for more details.

IRS YouTube Video:
New Security Measures Help Protect Against Tax-Related Identity Theft  English

WASHINGTON — The Internal Revenue Service and the Security Summit partners today issued warnings to all taxpayers and tax professionals to beware of scams and identity theft schemes by criminals taking advantage of the combination of holiday shopping, the approaching tax season and coronavirus concerns.

The IRS, state tax agencies and the tax industry opened the National Tax Security Awareness Week to coincide with Cyber Monday, the traditional start of the online holiday shopping season. But the holiday shopping season combined with the impending tax season and an increased trend toward working remotely make online security an absolute necessity.

“This is generally the hunting season for online thieves, but this year there’s a dangerous combination of factors at play that should make people more alert,” said IRS Commissioner Chuck Rettig. “The combination of online holiday shopping, the approaching filing season and more of us are working remotely puts people more at risk.  People can help avoid becoming victims of scams or identity thefts, by taking a few simple steps to help protect sensitive tax and financial information.”

The IRS, state tax agencies and the nation's tax industry – working together as the Security Summit – mark the start of the 5th annual National Tax Security Awareness Week with tips on basic safeguards everyone should take.

The special week includes special informational graphics and social media efforts on platforms including Twitter and Instagram.

Here are a few basic steps everyone should remember during the holidays and as the 2021 tax season approaches:

In addition, the Summit partners note these security measures include mobile phones – an area that people sometimes can overlook. Thieves have become more adept at compromising mobile phones. Phone users also are more prone to open a scam email from their phone than from their computer.

Taxpayers can check out security recommendations for their specific mobile phone by reviewing the Federal Communications Commission's Smartphone Security Checker. Since phones are used for shopping and even for doing taxes, remember to make sure phones and tablets are just as secure as computers.

The IRS will not call, text or email about your Economic Impact Payment or your tax refund. Nor will the IRS call with threats of jail or lawsuits over unpaid taxes. Those are scams.

The Federal Bureau of Investigation issued warnings earlier about fraud and scams related to the pandemic. It specifically warned of COVID-19 schemes related to taxes, anti-body testing, healthcare fraud, cryptocurrency fraud and others. COVID-related fraud complaints can be filed at the National Center for Disaster Fraud.

The Federal Trade Commission also has issued alerts about fraudulent emails claiming to be from the Centers for Disease Control or the World Health Organization. Consumers can keep atop the latest scam information and report COVID-related scams at www.FTC.gov/coronavirus.

The IRS, state tax agencies, the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the first in a week-long series of tips to raise awareness about identity theft. See IRS.gov/securitysummit for more details.