Attention users of Internal Revenue Service online options. Some of you soon will be getting letters from the IRS about proving who you are.
This is not a scam. The coming IRS letters will be real.
New ID validation effort: The IRS notified tax professionals this week via email that during the next five weeks, the agency will send letters to certain e-Services product users who must either go online or call the e-Services e-Help Desk to validate their identities.
Users who receive these letters will have 30 days to either authenticate their identities online or by phone. If you fail to do so within the time limit, you will be locked out of the system.
This new validation step, according to the IRS' e-Services' web page, is the latest in its effort to strengthen security around IRS online tools in order to protect taxpayers.
"As part of this critical effort, we are requiring certain e-Services users to validate their identities," says the IRS. "Failure to validate your identity will result in your e-Services registration account being suspended for security purposes."
Here are some FAQs and IRS answers about the new security step.
When will the letters be sent?
The IRS will begin mailing letters this week (Nov. 28-Dec. 2) and continue to notifications through the end of December. They will be sent through the United States Postal Service to the addresses listed on the affected e-Services users' most recently filed tax returns.
The letter will be official notification that you must validate your identity with the IRS.
While letter recipients will have 30 days from the date on the letter to validate their identities, the IRS recommends folks take action as soon as they get a letter. This will help eliminate any possible delays that could lock you out of your e-Services account once the 30 days expire.
Who is affected?
The letters will go to any e-Services user who can access the transcript delivery service and who has been active on their e-Services account within the past year.
What do I do after getting the letter?
You must validate your identity using one of two options.
The preferred option is to validate your identity online by registering for Get Transcript Online, which uses Secure Access -- that's the IRS new dual authentication system -- to prove your identity.
To do this, you must have an email address, knowledge of your most recently filed tax return and financial information from either a credit card or other loan numbers.
You also must have a mobile phone in your name to complete the process in one session, or you must request an activation code by mail.
The second ID authentication option is for folks who can't validate their identities online. In this case, you may revalidate your identity by calling the IRS e-Services Help Desk. The number will be in the letter.
When you call, have the IRS letter you received handy. It contains a unique code that you must provide to the Help Desk representative. You'll also have to answer a series of identity-proofing questions to authenticate your identity.
If you can't prove who you say you are during this call-in process, you'll get instructions from the Help Desk on how to visit a Taxpayer Assistance Center to verify your identity in person.
Remember, do not call the e-Help Desk unless you receive a letter or your account is suspended.
And if you successfully registered for Get Transcript Online after May 2016, you do not need to take any other action. You shouldn't get a letter because your recent use of the online service means you have already authenticated your identity through Secure Access and the IRS has a record that your identity has been verified.
Will I be required to change my password?
At this time, the IRS is not requiring letter recipients who are validating their identities to change their passwords.
The tax agency says your current username and password will remain the same for e-Services, regardless of what username and password you use to register and validate your identity online.
This current ID authentication request is an interim security measure. The IRS is only seeking to validate your identity.
However, if your e-Services password is weak, you should consider updating it. A long and complex password is more secure. The IRS and cyber security/identity theft experts recommend using a password that is a minimum 8 digits long and includes letters, numbers and special characters.
What happens if I don't act on the letter?
If you take no action or fail to authenticate your identity within 30 days of the date on your letter, the IRS will suspend your access to e-Services. That means you will be unable to access any e-Services' tools and resources.
Don't fall for scams: While the IRS' snail mailed letter seeking some taxpayers to validate their identities is legitimate, Uncle Sam realizes that any unexpected contact, even from the official tax man, about personal data is disconcerting.
And, notes the IRS, it currently is aware of several ID validation scams out there. One is an email phishing attempt targeting tax professionals that seeks to capitalize on this and other IRS efforts to strengthen security of its online services to taxpayers.
One way to differentiate these criminal phishing scams, whether by email, phone or letter, is that they typically ask their ID theft targets to click on a special link to update their accounts.
The IRS does not do that. It directs you to go directly to its official web page at IRS.gov for further action.
So be alert to any phony requests, which most are, for your personal tax information and passwords. Like the one I got this week from someone claiming to be Federal Reserve Chair Janet Yellen, who has $4.7 million that Uncle Sam owes me as soon as I give her some data about myself. That was almost as good as the phishing email I got from a crook purporting to be Treasury Secretary Jack Lew.
Make sure the communication you receive in whatever form really is from official IRS sources. If you have any doubt, the IRS says you should go directly (as mentioned earlier) to IRS.gov or call the agency at call 1-800-829-1040 to determine if the communication is legitimate.
You also might find these items of interest: