Multi-factor Authentication Spotlighted for National Tax Security Awareness Week

Multi-factor Authentication Spotlighted for National Tax Security Awareness Week

Multi-factor Authentication Spotlighted for National Tax Security Awareness Week

Day two of National Tax Security Awareness Week is all about multi-factor authentication. Following opening day warnings about the increased number of phishing scams that taxpayers will face over the holidays, during tax season, and throughout 2021, it makes sense that the second day emphasizes a security measure that the Internal Revenue Service says “will be available on all 2021 online tax preparation products.”

“The agreement to add the multi-factor authentication feature is just one publicly visible example of the ongoing collaboration by the IRS, state tax agencies, and the tax industry, which work together as the Security Summit,” the IRS says. “2020 marks the fifth year of the Security Summit and of National Tax Security Awareness Week.”

How does multi-factor authentication protect improve account security?

Multi-factor authentication is a term used for accounts that require more than one piece of user-provided information to access. While this process can take many forms, the IRS says that users may be required to enter a code that is texted to their phone or sent to an authentication app to log in. (Those who have enabled multi-factor authentication on a web-based email account like Gmail or Yahoo! Mail are already familiar with the process.)

But why does multi-factor authentication work?

“Thieves use a variety of scams—but most commonly by a phishing email—to download malicious software, such as keystroke software … to steal all passwords from a tax pro,” the IRS explains. “However, with multi-factor authentication, it’s unlikely the thief will have stolen the practitioner’s cell phone—blocking the ability to receive the necessary security code to access the account.”

Multi-factor authentication is an optional feature—and you should use it!

The IRS rightly points out that “no product is fool-proof,” but that doesn’t mean individual security features aren’t effective. When it comes to multi-factor authentication, the IRS flat-out states that the feature “does dramatically reduce the likelihood that taxpayers or tax practitioners will become [identity theft] victims.” But you can’t be protected by something you don’t use.

To read more about day one of National Tax Security Awareness Week, check out our blog, “National Tax Security Awareness Week Opens with a Warning.”

Source: IR-2020-266

Story provided by

National Tax Security Awareness Week Opens with a Warning

National Tax Security Awareness Week Opens with a Warning

National Tax Security Awareness Week Opens with a Warning

A warning has been issued to all taxpayers and tax professionals alike: Beware of scams and identity theft schemes by criminals taking advantage of the holiday shopping period, the approaching tax season and the coronavirus pandemic.

The warning comes from the Internal Revenue Service and its Security Summit partners as the IRS, state tax agencies and the income tax industry kick off National Tax Security Awareness Week at the traditional start of the holiday shopping season.

Holiday shopping, combined with the upcoming tax season and an increased trend toward working remotely, makes increased online security an absolute necessity.

“This is generally the hunting season for online thieves, but this year there’s a dangerous combination of factors at play that should make people more alert,” said IRS Commissioner Chuck Rettig. “The combination of online holiday shopping, the approaching filing season and more of us are working remotely puts people more at risk. People can help avoid becoming victims of scams or identity thefts, by taking a few simple steps to help protect sensitive tax and financial information.”

The Security Summit—which teams up the IRS, state tax agencies and members of the nation’s tax industry at large—marks the start of this, the fifth National Tax Security Awareness Week, with some basic tips on safeguards everyone should take.

Here are a few basic steps—for everyone:

  • Don’t forget to use security software for computers and mobile phones –- and keep it updated.
  • Make sure purchased anti-virus software has a feature to stop malware, and there is a firewall that can prevent intrusions.
  • Phishing scams—like imposter emails, calls and texts—are the leading way thieves steal personal data. Don’t open links or attachments on suspicious emails. This year, fraud scams related to COVID-19 and the Economic Impact Payment are common.
  • Use strong and unique passwords for online accounts. Use a phrase or series of words that can be easily remembered or use a password manager.
  • Use multi-factor authentication whenever possible. Many email providers and social media sites offer this feature. It helps prevents thieves from easily hacking accounts.
  • Shop at sites where the web address begins with “https”—the “s” is for secure communications over the computer network. Also, look for the “padlock” icon in the browser window.
  • Don’t shop on unsecured public Wi-Fi in places like a mall. Remember, thieves can eavesdrop.
  • At home, secure home Wi-Fi with a password. With more homes connected to the web, secured systems become more important, from wireless printers, wireless door locks to wireless thermometers. These can be access points for identity thieves.
  • Back up files on computers and mobile phones. A cloud service or an external hard drive can be used to copy information from computers or phones—providing an important place to recover financial or tax data.
  • Working from home? Consider creating a virtual private network (VPN) to securely connect to your workplace.

Don’t overlook your phone.

The Security Summit partners also note that these precautions don’t just cover office computers—they apply to smartphones as well. Keep in mind that thieves have become much more adept at compromising cellphones. Phone users are also more prone to open a scam email from their phone than from their computer.

Taxpayers can check out security recommendations for their specific mobile phone by reviewing the Federal Communications Commission’s Smartphone Security Checker. Since phones are used for shopping and even for doing taxes, remember to make sure phones and tablets are just as secure as computers.

The truth shall keep you safe.

Some basic facts can keep you out of trouble when it comes to cybercriminals. The IRS will not call, text or email about your Economic Impact Payment or your tax refund. Nor will the IRS call with threats of jail or lawsuits over unpaid taxes. Those are scams.

The Federal Bureau of Investigation has already issued warnings about fraud and scams related to the pandemic. It specifically warned of COVID-19 schemes related to taxes, anti-body testing, healthcare fraud, cryptocurrency fraud and others.

COVID-related fraud complaints can be filed at the National Center for Disaster Fraud.

The Federal Trade Commission also has issued alerts about fraudulent emails claiming to be from the Centers for Disease Control or the World Health Organization. Keep atop the latest scam information and report COVID-related scams at

This is the first in a week-long series of reminders to raise awareness about identity theft. Check out for more details.


Story provided by