PrivacyOn
Privacy GuideMay 10, 20267 min read

How to Protect Your Privacy When Filing Taxes Online

SC

By Sarah Chen

Head of Privacy Research

How to Protect Your Privacy When Filing Taxes Online

Tax season is prime time for identity thieves. The IRS Criminal Investigation division has reported a dramatic surge in identified tax fraud, with losses reaching billions of dollars annually. Every online tax return you file contains your most sensitive information — your Social Security number, income details, bank account numbers, and home address. Here is how to lock it all down.

File Early to Beat the Scammers

One of the simplest and most effective defenses against tax fraud is filing your return as early as possible. Criminals who steal Social Security numbers often race to file fraudulent returns and claim refunds before the real taxpayer submits theirs. By filing early, you shrink the window of opportunity for scammers to act. If a fraudulent return has already been filed under your SSN, the IRS will reject your legitimate return — and the recovery process can take months.

Get an IRS Identity Protection PIN (IP PIN)

The IRS offers a free Identity Protection PIN — a unique six-digit code assigned to your account each year. When an IP PIN is active, the IRS will automatically reject any tax return filed without it, even if a criminal has your Social Security number. Anyone with an SSN or Individual Taxpayer Identification Number (ITIN) can enroll.

How to Get Your IP PIN

  • Online (fastest): Log in to your IRS online account at IRS.gov using your ID.me credentials and navigate to the IP PIN section of your profile page.
  • Form 15227: If your adjusted gross income is below $84,000 (individual) or $168,000 (married filing jointly), you can submit Form 15227 online. The IRS will verify your identity and mail your IP PIN within four to six weeks.
  • In person: Schedule a visit at a local Taxpayer Assistance Center using the IRS Taxpayer Assistance Locator tool or by calling 844-545-5640.

Why Every Taxpayer Should Get an IP PIN

An IP PIN is the single most effective tool the IRS offers against tax identity theft. It costs nothing, takes minutes to set up online, and works like a second password for your tax return. Even if your personal data has been exposed in a data breach, a thief cannot file a return without your current year's PIN.

Use Secure Networks and Devices

Where and how you file matters as much as what software you use. Follow these guidelines:

  • Never file on public Wi-Fi. Coffee shop, airport, or hotel networks are easy targets for eavesdroppers. If you must use a public connection, use a reputable VPN to encrypt your traffic.
  • Lock down your home Wi-Fi. Use WPA3 encryption (or WPA2 at minimum) and a strong, unique password for your router.
  • Keep software updated. Install updates for your operating system, browser, and tax software as soon as they are available. Security patches close vulnerabilities that hackers actively exploit.
  • Use antivirus and firewall protection. Ensure your security software is set to update automatically and is always running when you file.

Strengthen Your Account Security

Your tax software account is a gateway to your most sensitive data. Treat it accordingly:

  • Create a strong, unique password. Use at least 12 characters mixing uppercase and lowercase letters, numbers, and symbols. Never reuse a password from another site.
  • Enable multi-factor authentication (MFA). Every major tax preparation platform — TurboTax, H&R Block, TaxAct, FreeTaxUSA — offers MFA. Turn it on. It adds a second verification step (usually a code sent to your phone) that stops thieves even if they steal your password.
  • Use a password manager. It generates and stores complex passwords so you do not have to remember them or be tempted to use weak ones.

Watch Out for Phishing Scams

AI-powered phishing scams have made tax season more dangerous than ever. These scams now mimic the exact tone, branding, and language of the IRS and popular tax software providers, targeting thousands of users at a time.

The IRS Will Never Do These Things

The IRS does not initiate contact with taxpayers by email, text message, or social media to request personal or financial information. It does not threaten you with arrest or deportation. It does not demand immediate payment via gift cards, wire transfers, or cryptocurrency. Any communication doing these things is a scam — no exceptions.

How to Protect Yourself

  • Never click links in emails or texts claiming to be from the IRS. Go directly to IRS.gov by typing the address in your browser.
  • Verify any communication by calling the IRS directly at 800-829-1040.
  • Be suspicious of emails from your "tax preparer" asking for documents — confirm by calling them at a number you already have on file.

Secure Document Transmission

If you work with a tax professional, how you share documents is critical:

  • Use secure portals only. Your tax preparer should provide a password-protected, encrypted portal for document uploads. Never email tax documents — email is not encrypted and can be intercepted.
  • Vet your tax preparer. A reputable professional will use encryption for all communications, limit internal access to your data, and have clear data retention policies (typically three to seven years). If your preparer cannot explain how they protect your data, find a different one.
  • Encrypt files on your end. If you store tax documents on your computer, use built-in encryption tools (BitLocker on Windows, FileVault on Mac) to protect them in case your device is lost or stolen.

Monitor Your Identity Year-Round

Tax season threats do not end on April 15. Your Social Security number, once exposed, can be used for fraud at any time. Proactive monitoring is essential:

  • Check your IRS account regularly. Log in to IRS.gov to verify that no unauthorized returns have been filed in your name.
  • Review your credit reports. Look for unfamiliar accounts or inquiries at AnnualCreditReport.com.
  • Remove your data from broker sites. Data brokers sell your personal information — including names, addresses, phone numbers, and sometimes partial SSNs — to anyone willing to pay. Services like PrivacyOn continuously monitor over 100 data broker sites and remove your information, reducing your exposure to identity thieves who use this data to file fraudulent returns.
  • Consider dark web monitoring. PrivacyOn also offers dark web monitoring to alert you if your SSN, email, or financial details appear in underground markets, giving you time to act before criminals do.

What to Do If You Suspect Tax Identity Theft

  1. File an IRS Identity Theft Affidavit using Form 14039, either online or by mail.
  2. Respond to any IRS letters immediately. The IRS will send a letter if it detects a suspicious return filed under your SSN.
  3. Place a fraud alert with one of the three major credit bureaus (Equifax, Experian, or TransUnion). The alert automatically extends to the other two.
  4. Consider a credit freeze to prevent new accounts from being opened in your name.
  5. Report the theft to the FTC at IdentityTheft.gov, which will create a personalized recovery plan.

Filing taxes online is convenient, but convenience should never come at the cost of your security. By taking these steps — especially getting an IP PIN, filing early, and keeping your personal information off data broker sites — you can file with confidence knowing your identity is protected.

SC
Sarah Chen

Head of Privacy Research

CIPP/US CertifiedIAPP MemberB.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.

Related Articles

Privacy Guide

How to Protect Your Financial Privacy Online

Security

What to Do If Your Social Security Number Is Leaked

Security

How to Recognize and Avoid Phishing Scams

Ready to Protect Your Privacy?

Let PrivacyOn automatically remove your personal information from data broker sites and keep it removed.