Do you know how to protect yourself from tax-related identity theft? Malwarebytes Labs has provided helpful information, and I’ll share some highlights from their most recent newsletter.
Because of major breaches at Equifax and large outbreaks of ransomware like WannaCry in 2017, hundreds of millions of records have been compromised. While the IRS has taken steps to reduce tax-related identity theft, criminals have already devised new tax scams to circumvent extra security protocols.
In February, the IRS issued a warning about a scam in which criminals steal client data from accountants and file fraudulent tax returns. These scam artists then have the return sent to the taxpayers’ real bank accounts for deposit, only to reclaim the refund later using social engineering tactics. Essentially, they steal your identity, file your return, deposit your return in your bank account, and steal it away later by posing as the IRS and claiming the return was filed in error.
Tax-related identity theft can damage your credit. It can also take as much as 600 hours of your time to restore a stolen identity, according to the Identity Theft Resource Center.
Protect Your Information & Identity
Here are six tips to keep your information and your identity safe:
- If you haven’t already filed your 2017 tax return, do so now. The sooner you do this, the sooner you’ll receive a refund if you have one coming to you. Costly mistakes are often made when you’re rushing to meet a filing deadline, so allow plenty of time to prepare your return properly and check your work before sending it in by the April 16 deadline.
- If you are relying on tax software to prepare your return, check out reviews or articles. Research online tax service providers to see how secure their systems are. Sites should have strong password standards, a lock-out feature that blocks users after too many unsuccessful login attempts, security questions, and email and/or text verification. Sites should also use secured browsers (a website URL that starts with “https” and displays a lock icon). And be sure to use a connection that’s secure. Never file your taxes using public Wi-Fi.
- If you want to hire a trusted accountant to prepare your tax return, check out their references or ask for referrals first. The cheapest may not always be the best.
- Once you’ve filed, make sure to keep your copy of the tax return in a safe place. If filing online, you’ll receive a PDF file you can download to your desktop. If someone were to access your computer, all that information would be readily available to them. So be sure to either store it in an encrypted cloud service or put it on a removable drive, such as a USB. If filing by mail with a paper copy, keep your taxes in a locked file cabinet or drawer that is accessible to only those you trust.
- Be aware of social engineering scams, including phishing emails. A popular phishing technique is to send an email from the “IRS” that says, essentially, “We have your tax return ready and you can get your money faster if you just download this PDF.” NEVER open an attachment from an email you aren’t expecting to receive. Also, the IRS will never email you. They’ll physically mail you information, but even then, be on the alert for tax scams. They can happen via postal mail, too.
- In addition to phishing attacks, there are reports of cold callers who say, “We’re from the IRS and you owe us $10,000.” The IRS will never call or email you. If you receive an email or phone call that’s unsolicited and is looking for personal information, never provide any information they request, as the caller is not with the IRS and is up to no good!
Additional Protection Against Fraud
After mastering the basics of online security best practices, it’s a good idea to protect yourself using additional technology. Before you even start typing in your social security number, you should run at least one kind of cybersecurity scan. I’ve used Malwarebytes for years, to ensure that there’s no malware on my system, such as a keylogger or spyware that can record information without me knowing.
Make sure that your operating system, browser, and other software programs are updated. This will help protect against malware that might exploit vulnerabilities in your computer.
If you believe there’s a chance you could have been compromised, look into credit monitoring or ID theft services. I use IDShield, which is associated with LegalShield—something I’ve been a member of for years. This company provides you with coverage that monitors for unusual behavior and notifies you if there is any suspicious activity related to your credit. If there is identity or credit theft, they provide assistance to help you shut down accounts, recover what you’ve lost, and restore your identity.
By law, you are entitled to a free copy of your credit report from the major bureaus: Equifax, Experian, and Trans Union. Review your reports annually and look for any suspicious activity. If someone has stolen your identity, call the three national credit reporting organizations and the Social Security Administration immediately to place a fraud alert on your name and Social Security number.
- Equifax: 800-680-7289
www.equifax.com - Experian (formerly TRW): 888-397-3742
www.experian.com - Trans Union Fraud Victim Assistance: 800-680-7289 www.transunion.com
- Social Security Administration Fraud Hotline: 800-772-1213
Most Popular Identity Theft Types
According to the IDShield Investigator Insights (March 2018 newsletter), credit card fraud topped the list as the identity theft type most reported to the Federal Trade Commission last year.
Here are the top three Identity Theft Types reported in 2017:
- Credit Card Fraud: 133,015
- Employment or Tax-Related Fraud: 82,051
- Phone or Utilities Fraud (new mobile phone accounts accounted for 43% of this): 55,045
A 150% increase in new landline account identity theft contributed to an overall rise in utilities-related identity theft reported to the FTC. Why such a jump in landline accounts? One possibility is that landline accounts are often bundled with a cable or internet package.
Since most utilities companies do not run a check with any of the three major credit reporting agencies before opening an account, utilities identity theft is easier to commit than some other types. As a result, victims may not be aware their personal information has been used to open a new account, until the victim receives a past-due or collection notice.
IDShield Investigator Insights’ March newsletter also reported that those between the ages of 20-29 were more likely than any other age group to fall victim to a scam in 2017. However, the age group that reported the most incidents of identity theft were between the ages of 30-39.
In summary, file your tax return early, stay vigilant online, pay attention to potentially fraudulent behavior with your credit card, phone, and utilities, and employ the proper security technology and security practices. When you follow these tips, you’ll keep cybercriminals from cashing in on your tax returns and your peace of mind.
Additional resources:
- Website: Internet Safety & Security Guide
- Blog: Are you at Risk for Identity Theft?
- ID Theft Service: IDShield
- Cyber Security Service: Malwarebytes
