With the holidays and the 2018 tax filing season approaching, federal and state tax officials on Wednesday urged consumers to avoid sophisticated email phishing scams that could expose personal information and next year's tax refund; avoid shopping or banking on public wi-fi network; and as always avoid scam artists posing in phone calls as IRS agents.

"The most common way for cyber criminals to steal bank account information, passwords, credit cards or Social Security numbers is to simply ask for them," said Brian Thomas, IRS special agent and national identity theft coordinator, at a press conference at the PICPA, the Pennsylvania Institute for Certified Public Accountants. Avoid shopping on phones using public wifi networks, and never do any banking on public wifi.

Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known person, approach with caution, Thomas added. Cybercrooks are adept at mimicking trusted businesses, friends and family, and may have compromised a friend's email address or may be spoofing the address with a slight change in text, such as name@example.com — instead using narne@example.com. Changing the "m" to an "r" and "n" can trick the eye.

The IRS doesn't contact taxpayers by email or phone to request personal or financial information. This includes text messages and social media channels. Nor does the IRS call taxpayers with threats of lawsuits or arrests, Thomas said. "No legitimate business or organization will ask for sensitive financial information via email."

Thomas urged consumers to encrypt their tax returns, sensitive documents and files in Word and Excel (when saving, you can password-protect) and referred consumers to the IRS website for tips: www.irs.gov/individuals/taxes-security-together.