Top tax season security tips from the IRS

Tax season 2022 is Upon Us: Here’s How to Stay Secure.

In this blog post, we’re sharing news and information about security and privacy concerns straight from the IRS.

Because it’s tax season—and let’s face it, none of us have time for my usual preamble—here are links to each of the stories we’re covering. Jump straight to the one you’re most interested in or go ahead and read on through.

IRS drops facial recognition after security concerns
How to recognize tax season and IRS scams
IRS secures IRS Online Account registration process

IRS Drops Facial Recognition After Security Concerns

February 7, 2022 | IRS announces transition away from use of third-party verification involving facial recognition

The IRS had plans to use facial recognition provided by a third-party software provider to authenticate people creating new online accounts. The announcement was criticized almost immediately, with opponents citing major privacy and security concerns. The IRS then took swift action to dissuade security concerns, announcing on February 7 that they would “quickly develop and bring online an additional authentication process that does not involve facial recognition.” ¹

“The IRS takes taxpayer privacy and security seriously, and we understand the concerns that have been raised…Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition.”

Chuck Rettig, IRS Commissioner

How to Recognize Tax Season and IRS Scams

February 16, 2022 | Tax scams and consumer alerts

It’s that time of the year when businesses and consumers alike are bombarded with IRS scams and schemes. To combat the impersonators, the real IRS released an article, which thoroughly reviews scams targeting taxpayers, tax professionals and payroll and human resources professionals.

Here are a few tips—straight from the IRS—on how to avoid a cybersecurity event during the busy season and year-round.

Don’t communicate personally identifiable information (PII) over email, text message or social media channels. The IRS will never contact taxpayers through these methods. Instead, they’ll initiate “most contacts through regular mail delivered by the United States Postal Service.”² Usually, taxpayers will receive several letters in the mail—called notices—before any in-person visit is made.
Don’t send client information to the IRS over email. The IRS will never solicit client information from tax professionals via email (even during a pandemic). The IRS hasn’t switched over to email to collect information during the pandemic. Don’t fall for phishing schemes that use “pandemic-related themes to steal client data.”³ If you think you’ve received an email containing malware, or another type of suspicious IRS-related email, the IRS says to forward “the email as-is” to phishing@irs.gov.
If you receive a threatening phone call from someone claiming to be an IRS agent, hang up and report them immediately. The IRS won’t solicit payments or PII from taxpayers or tax professionals (or anyone) over the phone. And yet, every year, there are too many people who fall for criminals’ aggressive phone tactics. If you receive one of these phone calls, hang up immediately and follow the IRS’s instructions for reporting an IRS impersonation scam and phone phishing scheme.

We also suggest reporting any suspicious email to your internal IT department or cloud service provider. And if you’ve signed up for Secure Workstation, that suspicious email may not even make it through to your inbox. Learn more about our comprehensive, enterprise-level security solution with built-in antivirus threat protection and 24/7/365 intrusion monitoring.

IRS Secures IRS Online Account Registration Process

February 21, 2022 | New features put in place for IRS Online Account registration; process strengthened to ensure privacy and security

First—the IRS announced they’d be using biometric data to verify users’ identities when signing up for a new IRS Online Account. Then—backlash. (See “IRS drops facial recognition after security concerns”.)

This past Monday, the IRS confirmed its February 7 promise, announcing that taxpayers will have the option to authenticate their identity during a live virtual interview with agents or by using biometric verification. If a taxpayer has already opted for or plans to use biometric verification, the IRS ensures the selfie images will be deleted.

The two user authentication methods merely ensure a “short-term solution is in place for this year’s filing season,” according to IRS.gov, with “the goal of moving toward introducing [Login.gov] after the 2022 filing deadline.”⁴

“Login.gov is a secure sign-in service used by the public to sign in to participating government agencies.”

According to their website, Login.gov verifies users’ identities with a combination of password, authentication method, and, depending on the agency, submission of PII (like your photo ID.) We’ll have to wait and see how the IRS chooses to authenticate taxpayer identity—but at least no selfies will be required.