U.S. consumers are expected to spend about $144 billion in online shopping this holiday season. “That creates a huge opportunity for identity thieves to shoplift sensitive personal and financial information,” says Utah State Tax Commission Security Manager Bobette Phillips.

The IRS and the Utah State Tax Commission are announcing the Tax Security Awareness Week, December 2-6. It is hoped that increased attention to tax-related identity theft will help shoppers and businesses watch out for common scams that can put financial and tax data at risk.

As part of the effort, the IRS has created new YouTube videos on security steps for taxpayers. The videos can be viewed or downloaded at Easy Steps to Protect Your Computer and Phone and Avoid Phishing Emails.

Tax Security Awareness Week will include a special social media effort on Twitter and Instagram at @IRSnews and #TaxSecurity. There will also be a Twitter chat on December 5.

The week will feature daily security guides. Highlights include:

Day 1: Protect personal and financial information online
The IRS and Security Summit remind people to take these basic steps:

  • Use security software for computers and mobile phones – and keep it updated.
  • Protect personal information; don’t hand it out to just anyone.
  • Use strong and unique passwords for all accounts.
  • Use two-factor authentication whenever possible.
  • Shop only secure websites; Look for the “https” in web addresses; avoid shopping on unsecured and public wi-fi in places like shopping malls.
  • Routinely back up files on computers and mobile phones.

Day 2: Learn to recognize phishing emails and phone scams
Know that email scams often:

  • Pose as companies people know and trust, and
  • Tell an urgent story to trick victims into opening link or attachment.

Watch out for scam phone calls, too. Remember:

  • The IRS does not call demanding payment with threats of jail or lawsuit.
  • The IRS does not demand payment via gift or debit cards. The IRS does not accept tax payments by iTunes cards.
  • The IRS does not send unsolicited emails about refunds or payments, requesting either login credentials, Social Security numbers or other sensitive information.

Day 3 – Create strong passwords to protect online accounts
The password standards have changed. Here are some simple guidelines:

  • Use long phrases combined with characters and numbers. For example: SomethingOneCanRemember@30.
  • Use a different password for each account; don’t use an email address if that’s an option and use a password manager.
  • Use two-factor authentication whenever it’s offered, for example on email accounts, financial accounts and social media accounts.

Day 4 – Recognize clues of identity theft
A business taxpayer may be an identity theft victim if:

  • An e-filed return is rejected because a duplicate is already on file with the IRS.
  • Routine extensions to file requests are rejected.
  • An unexpected receipt of a tax transcript or an IRS notice is received.
  • Failure to receive expected and routine correspondence from the IRS, which can be an indicator an identity thief has changed the address.

Day 5 – Tax professionals should review their safeguards
The IRS and the Summit partners urge tax pros to review the Taxes-Security-Together Checklist, including:

  • Deploy basic security measures.
  • Create a written data security plan as required by law.
  • Know about phishing and phone scams.
  • Recognize the signs of client data theft.
  • Create a data theft recovery plan.

“We’re hoping people will be educated about possible security risks that may look innocent but are not,” said Phillips. “We want consumers and businesses to be able to truly enjoy the holiday season.”

The Utah State Tax Commission collects revenue for the state and local governments and equitably administers tax and assigned motor vehicle laws.