US flag signifying that this is a United States Federal Government website

  Official website of the Cybersecurity and Infrastructure Security Agency

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

  1. Home >>
  2. About NICCS >>
  3. Featured Stories >>
  4. Protect Yourself and Your Data During Tax Season

Protect Yourself and Your Data During Tax Season

With April 15th just around the corner, millions of Americans are filing their taxes online. Meanwhile, organized groups of criminals are busily targeting Americans with focused and sophisticated tax scams. This occurs year-round, but taxpayers are now at an even greater risk of fraud aimed at stealing their information.

The Treasury Inspector General for Tax Administration reports that more than 2.4 million Americans have fallen victim to scams over telephone, physical mail, and email. This has resulted in a loss of more than $72.8 million since 2013. To keep personal and financial records safe during tax season, it’s important to be aware of the most common tax scams—those by phone and email. These can be very convincing. Cybercriminals are well-versed in all the right “buttons” to push to prove they are Internal Revenue Service (IRS) agents, but the IRS will never call or email you. If you receive a call from someone claiming to be an IRS employee, hang up. Should you become a target of this scam through email, forward it to

Putting up the following roadblocks also helps taxpayers stop scams:

  • File early to prevent others from filing for you. The IRS accepts one return per Social Security number, so once you file, no one else can file with your information.
  • When filing online, use an encrypted website with a ‘https’ heading before the URL, as well as a lock icon, which shows the connection is secure.
  • Regularly update software to close security gaps that cybercriminals can exploit.
  • Use long passwords of at least 16 characters. Include letters, numbers, and symbols.
  • Enable multi-factor identification. Use a tax site that will send you a one-time passcode in a text or email before logging in.

Besides online methods, tax scammers will also send letters to trick victims into sending them money. The IRS does send letters, but there are ways to tell a genuine IRS letter from a fake one. A real IRS letter:

  • Arrives in a government envelope with the IRS seal.
  • Includes a notice or letter number at the top right corner.
  • Includes IRS contact information. If the contact number appears to be a personal or cellphone number, the letter is fake. If you’re unsure if the contact information is genuine, call the IRS at 1-800-829-1040.
  • If the letter asks you to write a check to any party but the U.S. Treasury, give credit or debit card information, or pay using another method like gift cards, the letter is a scam.

Safeguarding personal and financial information is a year-round job, but with so much sensitive data changing hands during tax season, that effort is even more important, for both tax professionals and tax filers. In preparation for Tax Season 2020, the IRS provides a checklist of six key safeguards to help tax professionals protect data. Taxpayers can check out the Cybersecurity and Infrastructure Security Agency’s (CISA) tip sheets for more resources on how to report fraud. Additionally, offers cutting-edge information on the latest tax scams, how to spot them, and what to do in the event of identity theft. These key resources can provide you with the most up-to-date tools to help safeguard your finances as we head into Tax Season 2020.

You have been selected to participate in a brief survey about your experience today with National Initiative for Cybersecurity Careers and Studies.

Would you like to participate on a survey?