by Socheata Ten EA, LLC | Dec 3, 2021 | Tax Tips and News
Six little numbers.
They could be all the difference between a happy taxpayer and someone who’s fallen victim to identity thieves.
The six numbers make up an Identity Protection Personal Identification Number, also known as an IP PIN, and they can help to keep taxpayers’ personal financial information, well, personal.
An IP PIN is a six-digit number known only to the taxpayer and the IRS, assigned to eligible taxpayers to help stop the misuse of their Social Security number or Individual Taxpayer Identification Number (ITIN). Identity thieves file fake income tax returns using these numbers to claim fraudulent refunds.
Originally, the IP PIN was meant only for taxpayers who were known to be victims of tax-related identity theft. The program was expanded earlier this year to cover any taxpayer in the U.S. who would like the extra protection an IP PIN affords on returns filed with the IRS.
“When people have this special code, it prevents someone else from filing a tax return in their name,” said IRS Commissioner Chuck Rettig. “The fastest way to get an Identity Protection PIN is to use our online tool, but keep in mind people must pass a rigorous authentication process. We must know that the person asking for the IP PIN is who they really say they are.”
More than 5 million American taxpayers protect themselves now with an IP PIN, and the IRS recently made the process of acquiring an IP PIN easier than before.
The fastest and easiest way to get an IP PIN is online, using the IRS’ Get an IP PIN tool.
Whether the return is filed electronically or on paper, the six-digit IP PIN helps the IRS confirm that the filing taxpayer is who they say they are. The tool, at IRS.gov/ippin, provides a quick way to obtain an IP PIN; it’s also where participating taxpayers will go to get an IP PIN for the next year.
Each IP PIN is good for one year. Participating taxpayers will have to go online each January to get a new IP PIN to remain in the program.
In 2022, the Get an IP PIN tool is slated to go online January 10.
Here are some other things taxpayers need to know about the IP PIN program:
- No identity theft affidavit is required for taxpayers opting in. This means that anyone who voluntarily applies for an IP PIN doesn’t need to file Form 14039, Identity Theft Affidavit, with the IRS.
- Be sure to enter the IP PIN on any return, whether it is filed electronically or on paper. This includes any amended returns or returns for prior years. Doing so will help avoid processing delays or having the return rejected by the IRS.
- Anyone with either a Social Security number (SSN) or Individual Taxpayer Identification Number (ITIN) who can verify their identity is eligible for the IP PIN opt-in program.
- Any eligible family member can get an IP PIN. This includes the primary taxpayer (the person listed first on a tax return), the secondary taxpayer (on a joint return, the person listed second on the return) or any of their dependents.
- With one key exception, never reveal an IP PIN to anyone. The only exception is a taxpayer who uses a trusted tax professional to file their return. Even then, only share the IP PIN with the trusted tax pro when it is time to sign and submit the return. The IRS will never ask for an IP PIN. Remember to watch out: Phone calls, emails and texts requesting an IP PIN are scams.
- Identity theft victims should still fill out an ID theft affidavit. This means that any confirmed victim of tax-related identity theft still needs to file Form 14039 with the IRS if their e-filed tax return was rejected by the agency due to a duplicate SSN filing. The IRS will then investigate their case. Once the fraudulent tax return is removed from their account, the IRS will automatically mail an IP PIN to the confirmed victim at the start of the next calendar year. Because of security risks, confirmed identity theft victims cannot opt out of the IP PIN program.
Can’t pass the online authentication process?
Taxpayers who cannot pass the IRS online identity authentication process have a couple of options. One option is to file Form 15227. For the 2022 processing year, those taxpayers with an adjusted gross income of $73,000 or less (or an AGI of $146,000 or less for married filing jointly) can fill out Form 15227 and then either mail or fax it to the IRS.
The taxpayer needs access to a telephone, since the IRS representative will call the taxpayer to verify their identity. Note that this option is slower than the online tool, since it will take about a month for successful IP PIN applicants to actually receive their PIN.
The second option involves making an appointment with an IRS Taxpayer Assistance Center, or TAC. Taxpayers using this option should bring two forms of picture identification to the TAC appointment. Successful applicants will have their IP PIN mailed to them immediately after their visit; however, the IRS suggests allowing three weeks for delivery.
To find a local TAC, use the IRS Local Office Locator online tool or call 844-545-5640.
This is National Tax Security Awareness Week, which is sponsored by the Security Summit, a partnership between the IRS, state taxing agencies and tax-industry leaders. This alliance of public and private sectors has strengthened defenses against those criminals who would file fraudulent tax returns and steal refunds.
Source: IR-2021-238
– Story provided by TaxingSubjects.com
by Socheata Ten EA, LLC | Dec 3, 2021 | Tax Tips and News
Aside from being required by the FTC to have a written data security plan, criminals have increasingly been targeting tax professionals with phishing emails and social media messages. The pandemic—it turns out—has simply given them even more opportunities to create fraudulent government announcements.
To help prevent future tax-office data breaches, the Security Summit is recommending that tax pros review their security protocols before tax season begins. What better place to start than with the fundamentals?
What are the “Security Six?”
The IRS describes that the Security Six as “easy steps [that] can make a big difference, both for tax pros and taxpayers.” So, let’s take a look at what they recommend:
- Use anti-virus software and set it for automatic updates to keep systems secure. This includes all digital products, computers, and mobile phones.
- Use firewalls. Firewalls help shield computers from outside attacks but cannot protect systems in cases where users accidentally download malware, for example, from phishing email scams.
- Use multi-factor authentication to protect all online accounts, especially tax products, cloud software providers, email providers and social media.
- Back up sensitive files, especially client data, to secure external sources, such as external hard drive or cloud storage.
- Encrypt data. Tax professionals should consider drive encryption products for full-drive encryption. This will encrypt all data.
- Use a Virtual Private Network (VPN) product. As more practitioners work remotely during the pandemic, a VPN is critical for secure connections.
The IRS press release also notes that learning to identify and avoid common phishing scams is an essential step in avoiding data theft. Tax-pro-specific scams tend to have messages about expired account passwords, EFIN verification, and e-filing-related messages that appear to come from the IRS.
What should I do if I receive a phishing email or social media message?
First, never open an email or social media message that you suspect is a phishing scam. If you accidentally open the email, make sure you don’t click on any attachments or embedded links, since they could lead to a fake website or contain information-stealing malware or ransomware.
If you think you’ve received a tax-related phishing scam, be sure to report it to the IRS and TIGTA. That way, they can add it to their database of current scams and warn other tax professionals and taxpayers about it.
Remember, when it comes to data security, we’re all in this together.
Where can I find a sample tax office security plan?
In addition to reviewing these basic tips, you can check out the Drake Software Tax Office Security Plan. This sample security is composed of a series of worksheets that address common security-related issues, like classifying stored information, identifying threats, and prioritizing potential issues.
Visit our “Easy Steps to Create Your Mandatory Tax Office Security Plan (SAMPLE INCLUDED!)” blog to download a free copy.
Source: IR-2021-239
– Story provided by TaxingSubjects.com
by Socheata Ten EA, LLC | Dec 1, 2021 | Tax Tips and News
With the passage of Thanksgiving, Americans are shifting into gifting mode. For many, that means giving a holiday monetary gift to a well-deserving charity of one sort or another.
Unfortunately, scammers can use this noble intention to enrich themselves through fake charities. While the scammers’ main prize is money, they also can use the fake charity platform to download the taxpayer’s sensitive personal and financial information.
Merry Christmas indeed.
To help combat these thieves, the Internal Revenue Service wants taxpayers to know just who they’re giving to, and how to access that information.
The bright side of this warning is that much of this fake philanthropy can be avoided. The Security Summit, which is made up of representatives from state tax agencies, the nation’s tax community and the IRS, says the easiest and most effective way to be sure a charity is legitimate is to use the IRS’ Tax Exempt Organization Search Tool.
The IRS maintains a database of all federally recognized tax-exempt organizations. Using the online tool to check out a charity may be as simple as entering the charity’s name in the tool and seeing if it comes back as legitimate.
If a charity isn’t on the list of recognized organizations, donations to that organization can’t be tax-deductible. At worst, the charity could be a scam.
‘Tis the season for scammers
The Christmas holiday season can be one long payday for scammers. Between holiday shopping, the coming tax season and the pandemic, scammers have numerous opportunities to steal what were supposed to be charitable donations or highjack personal information.
The Security Summit members warn taxpayers to be especially careful this time of year when shopping online or viewing emails or texts.
Scammers will stop at nothing to get into a taxpayer’s wallet, setting up bogus organizations to take advantage of the public’s generosity. They use tragedies and disasters to appeal to taxpayers’ desire to help others.
Scammers also use phone calls
Some scammers us the telephone to advance their phony charities; those seeking donations for disaster relief are especially common over the phone. As with online charities, taxpayers should check out the charity before they donate, and should never feel pressured to give right away.
No matter what the charity, no matter whether the appeal is made online or by phone, here are the best ways to avoid being scammed by a fake charity:
- Individuals should never let any caller pressure them. A legitimate charity will be happy to get a donation at any time, so there’s no rush. Donors are encouraged to take time to do their own research.
- Confirm the charity is real. Potential donors should ask the fundraiser for the charity’s exact name, website and mailing address so they can confirm it later. Some dishonest telemarketers use names that sound like well-known charities to confuse people.
- Be careful about how a donation is made. Taxpayers shouldn’t work with charities that ask for donations by giving numbers from a gift card or by wiring money. That’s a scam. It’s safest to pay by credit card or check –– and only after researching the charity.
This is National Tax Security Awareness Week. The IRS and its Security Summit partners issued this alert to help taxpayers guard themselves against identity theft and the theft of sensitive tax information—all are methods used to file fake tax returns and obtain bogus refunds.
For more information on the Security Summit and identity theft, see IRS.gov/securitysummit for details.
Source: IR-2021-237
– Story provided by TaxingSubjects.com