Tax season has officially started, so you should prepare to file your 2024 tax return, and prepare for the scammers who are already prowling. Don’t get baited and hooked.

Many people are lax about protecting their personal information online, and there’s more reason than ever to be wary given widespread hacks such as the massive data breach of background check company National Public Data that exposed an estimated 2.9 billion records, including Social Security numbers.

Protecting yourself is important for many reasons, including how time-consuming and difficult it can be to recover from tax-identity theft, said Andy Phillips, vice president of The Tax Institute at H&R Block.

“Consumers need to be thoughtful about how they protect their personal and tax information online to avoid becoming a victim of tax-related identity theft,” he said.

There’s also always the risk that financial need and stress lead people to make hasty decisions when something too good to be true is offered. Nearly 40% of taxpayers will need refunds to make ends meet, according to a recent Credit Karma survey.

There are some basic do’s and don’ts of working with tax professionals that are always the starting point. More than half of taxpayers turn to a tax professional for help filing a tax return, according to the Internal Revenue Service. Choosing a reputable provider can prevent financial harm. Taxpayers should avoid unethical “ghost” return preparers who don’t sign or include a valid preparer tax identification number (PTIN) on every tax return they prepare.

Taxpayers can also use the IRS Directory of Federal Tax Return Preparers with Credentials and Select Qualifications to find trusted professionals. Choosing a provider affiliated with a recognized national tax association is also advisable. The National Association of State Boards of Accountancy also maintains a database to help consumers check whether their provider is a certified public accountant and in good standing.

Then, there are all the more specific ways that the migration of our tax lives, and daily lives, online introduce additional risks to tax season. Here are several ways consumers can help keep their identities and personal information safe.

Make sure the provider uses secure online processes

Choosing a vetted tax professional is the first step, but when sending personal information over the Internet, be sure your provider gives you a secure link, so the information goes directly to the intended recipient in a secure fashion, said Lisa Greene-Lewis, a spokeswoman for TurboTax. 

If your tax professional is asking you to send personal information via email, it could be time to switch providers. “I wouldn’t send important documents over email,” Greene-Lewis said.

File early, or use an IRS pin, to cut down on tax-related identity theft

Fraudsters sometimes try to file a tax return using someone else’s Social Security number. To mitigate this possibility, submit your taxes as early as possible, Phillips said. In many cases, a Social Security number can only be used on one electronically filed tax return, so filing early helps reduce the potential of tax ID theft.

Many people do this already, of course, many because they expect a refund. The IRS estimates more than 140 million individual tax returns for tax year 2024 to be filed ahead of the April 15 federal deadline.

Another option is for taxpayers to request an identity protection pin from the IRS, which prevents someone else from filing a tax return using their Social Security number or individual taxpayer identification number. This pin helps verify the taxpayer’s identity when filing an electronic or paper tax return, adding an extra layer of security. Many taxpayers are eligible to establish a pin online. Otherwise, there’s an option to fill out a PDF and send it to the IRS via postal mail or fax.

Watch out for the fake ‘IRS’ email or text

Thousands of people have lost millions of dollars and their personal information to tax scams, according to the IRS, so it’s important to know the warning signs. The IRS typically contacts people the first time through regular U.S. mail delivered by the U.S. Postal Service. To verify the IRS sent the letter or notice, you can search for it on IRS.gov. Some letters are sent from private collection agencies.

The IRS will never initiate contact with you by email, with a few exceptions such as if you have an account and opt in to email, and criminal investigations. Similarly, the IRS won’t text taxpayers without their permission. The IRS might call to discuss your case, verify information or set up a meeting, but it won’t be unsolicited. In-person visits are also rare, and the IRS generally sends a letter beforehand.

Often fraudulent communications claiming to be from the IRS or associated individuals can have typos or other mistakes in them, but with artificial intelligence, these communications are more sophisticated and scams can be harder to spot. The best advice is not to click on random links contained in an email or text, even if it’s from someone you think you recognize. Emails and texts can be easily spoofed and it’s better to be safe than sorry.

Don’t rush to claim offers about refunds, credits and payments

Scammers often attempt to mislead people about tax refunds, credits and payments. They pressure people for personal, financial, employment information or money. Warning signs of a possible scam include the promise of a large payday, demands to pay immediately or threats if you don’t.

Also, don’t fall for scams where someone offers to seek benefits on your behalf for a portion of the refund. “If someone is charging you a portion of your refund, that is a red flag. You need to walk away,” Phillips said. If they offer to help with the credit, but refuse to sign your tax return, that’s another red flag, he added.

Consumers can read the latest consumer alerts about tax scams identified by the IRS on its website.

Beware of pandemic-related scams still being used today

New scams or old ones with a slightly different twist are always popping up.

In January, the Identity Theft Resource Center warned consumers about criminals who claim, in emails and texts, to be from the IRS in order to trick people into believing they are eligible for a pandemic-related Economic Impact Payment (EIP). Scammers are hoping to ensnare victims into responding or clicking on a malicious link so they can steal personal and financial information that can be used for multiple fraudulent purposes, according to ITRC.

Consumers who receive this type of message should forward it to the IRS at phishing@irs.gov. 

“Always being wary and thoughtful of where you are providing your information and what you are sharing,” Phillips said.