If you’re filing your taxes online this year, watch for signs of tax identity theft, like someone using your Social Security number (SSN) to file and claim a tax refund. One way you’ll know is if the IRS rejects your tax return once you file. Learn to protect yourself while filing online and what to do if someone steals your tax refund.

If you use tax preparation software like TurboTax, H&R Block, TaxAct, or TaxSlayer, protect your accounts by using two-factor authentication. Requiring two or more credentials to log in makes it harder for scammers to get into your account, even if they get your username and password. And always file early, if you can — before anyone else files using your personal information.

But even if you’re careful, someone might still use your SSN to steal your refund. Now, if the IRS rejects the tax return you submitted online or through a tax preparer, it could just mean missing or incorrect information. But if the IRS says there’s more than one tax return filed in your name or they see income from an employer you know you don’t work for, that’s identity theft. Don’t panic — but do act quickly to communicate with the IRS. Here’s how:

1. Report it to IdentityTheft.gov using as many details as possible. The site will create an FTC Identity Theft Report, an IRS Identity Theft Affidavit, and a personal recovery plan.
2. Submit your IRS Identity Theft Affidavit through IdentityTheft.gov. This tells the IRS to begin investigating your case. Or get the Identity Theft Affidavit (IRS Form 14039) and submit it by mail.
3. Follow the steps in your personal recovery plan — like freezing your credit and checking your credit reports — to limit the damage identity theft causes.

Share IdentityTheft.gov/Steps with friends and loved ones to help them protect their personal information and stay ahead of identity thieves.

​Mortgage interest rates may be on the way down, but scammers’ false promises are likely on the way up. If you’re looking to lower your mortgage payment — by refinancing your home or VA loan — learn about your options and how to avoid mortgage relief scams.
Scammers will say just about anything to get you to trust them. Some scammers call or email claiming they’re from the Department of Veterans Affairs or your home loan servicer. They’ll promise to help you lower your mortgage payment — for an upfront fee or a retainer. But it’s illegal for a company to charge you before they help you with things like debt relief or improving your credit. And only scammers will tell you to cut off contact with your lender, housing counselor, or credit counselor. They might say they’ll handle any loan paperwork for you, but they’re just trying to steer you away from the real help you’re looking for.
Want to avoid a mortgage relief scam? Slow down and check things out for yourself. Always start by contacting your mortgage servicer or lender first. They’ll know the current status of your loan and can help you explore options to lower your payment. Here are a few other places to get legitimate help:

• Department of Housing and Urban Development (HUD). Your local HUD office or the housing authority in your state, city, or county can help you find a legitimate housing counseling agency nearby.
• Department of Veterans Affairs (the VA). If you have a VA home loan, contact them directly to get the most accurate information about your loan terms and help you check for options to lower your payment — for free. Just make sure anyone helping you is accredited by the VA.

Visit consumerfinance.gov/housing to get information from the Consumer Financial Protection Bureau (CFPB), HUD, and VA all in one place.
If you spot a mortgage relief scam, report it to your state attorney general and the Federal Trade Commission at ReportFraud.ftc.gov.

Hackers target your email and social media accounts to steal your personal information. Like your username and password, bank or credit card account numbers, or Social Security number. If they get it, they use it to commit identity theft, spread malware, or scam other people. So, what are signs that someone hacked your account, and how can you recover a stolen account?
Here are some things that might tip you off to a problem:

• You get a notification that your email address or phone number changed. Or that your password was reset. But you didn’t make those changes.
• You get a message that someone tried to log in, or did log in, and it wasn’t you.
• You can’t log in to your account.

If you can’t log in to your account, follow the provider’s account recovery instructions. If you get a notification about activity you don’t recognize, and you can log in, here’s what to do:
Change your account password. Create a unique and strong password that is hard to guess. Aim for 12 to 15 characters. Or use a passphrase — a series of words separated by spaces. Then sign out of that account on all devices. That way anyone who’s logged in to your account on another device will get kicked out.
Secure your account. If the account offers two-factor authentication (2FA), turn it on to add an extra layer of security. That way, a hacker with your password can’t log in to your account without a second authentication factor. Like a verification code you get by text or email, or from an authenticator app.
Update your account recovery information. Account recovery information helps you get back into your account if you're locked out, forgot your password, or if someone else is using it. Check your account recovery information and make sure the email address and phone number listed are correct.
Check for signs that someone had access to your account. Check if there are auto-forwarding rules in your email account that you didn’t set up. Hackers might create these rules to forward your emails to another address. Check your social media for messages the hacker posted or sent, or for new friends you don’t recognize.
If you believe someone stole your personal information, go to IdentityTheft.gov to report it and get a personalized recovery plan.

​During the holiday season, you might expect to get more deliveries. Some might even be surprise gifts. Scammers are counting on that when they send fake delivery notifications to you by email and text, hoping you’ll click. Here’s how to spot these scams.
You get an email or text and it says you missed the delivery. Or it might say your item can’t be delivered because you need to update your street address or zip code. Sometimes these scammers create a sense of urgency by saying if you don’t respond right away, they'll return your package to the sender. The scammers say both of these issues can easily be fixed: just click on a link.
Why do they want you to click that link? It’s a phishing scam. If you click, scammers could get information like your usernames and passwords for your online banking, email, or social media accounts. Scammers could then use those to steal your identity and open new accounts in your name. They might also install malware on your computer.
To avoid fake shipping notification scams:

• Don’t click on links in messages about an unexpected delivery.  If you get a message about an unexpected package delivery that tells you to click on a link for some reason, don’t click.
• Contact the shipping company directly to get more information. If you think the message might be legitimate, contact the shipping company using a phone number or website you know is real. Don’t use the information in the message.
• Check your order status. If you think the message could be about something you recently ordered, go to the site where you bought the item and look up the shipping and delivery status there.

No matter the time of year, it always pays to protect your personal information. Check out these resources to help you weed out spam text messages, phishing emails, and unwanted calls.

No one likes waiting in airport security lines. To speed things up, some people opt to get TSA PreCheck. Scammers know this and send emails that look like they're from TSA PreCheck — but they’re not. The emails want you to click a link that takes you to a scam website that only looks like the official site — but it’s not. If you pay to “enroll” or “renew” your TSA PreCheck, you may not even realize you’ve paid a scammer until you get to the airport for your next trip. But there are ways to spot these scams.
If you’re applying for TSA PreCheck for the first time, you don’t pay the application fee online. To get PreCheck, you complete the application and pay in person at a TSA enrollment center. Again: you don’t pay online. Only a scammer will ask you to pay online to enroll.
If you already have TSA PreCheck, you can renew and pay in person or take care of both online. The real TSA even sends renewal reminder emails out. But to avoid a scam, start your renewal at tsa.gov/precheck instead of clicking a link. A scammer’s link will take you to a scam site that looks real, but if you pay and give your information, the scammer will steal it.
To avoid scammers impersonating TSA PreCheck:

• Don't click links in unexpected emails or text messages, no matter how real they look.
• Don’t be rushed. If someone insists that you to pay right away, chances are that’s a scammer.
• Start at tsa.gov/precheck. Typing in that URL yourself is the best way to avoid the scam. And remember that all TSA PreCheck sites are .gov sites, not a .com.

Tell the FTC at ReportFraud.ftc.gov if you think you spotted this scam. And learn how to recognize phishing scams to keep scammers from stealing your money or identity.