Knowledge and Insights
Most Americans filed their 2015 tax returns by the extended April 18th deadline this year and will do their best to forget about taxes until they’re due again in 2017. However, increasing numbers of Americans don’t have the luxury of forgetting about taxes until next year because they’ve been victims of identity theft.
Since the early 2000s, cybercriminals have stolen vast amounts of personal data. Unfortunately, with help from the internet, individuals, companies, retailers, universities and governments, have had millions of personal identities placed at risk, as recently demonstrated by the theft of information and social security numbers of more than 20 million people, mostly U.S. government employees and contractors, from a U.S. government database.
An increasingly popular way for cybercriminals to use the stolen information: fraudulent tax filings.
After an individual’s information has been hacked, a cybercriminal could file a fraudulent tax return and collect a bogus refund. When the correct person tries to file their own tax return, they are notified that a return has already been filed with their name and social security number. At this point, it could be weeks or months since the theft occurred, so it’s often impossible to find out who committed the theft. In addition, it could take six months or more to recover the refund and get their own tax filing straightened out.
In the 2015 tax year, the IRS confirmed more than 1 million fraudulent returns, and managed to block nearly $7 billion in fraudulent refunds from being issued. During the first month and a half of the 2016 tax season, the IRS identified more than 42,000 tax returns with nearly $227 million claimed in fraudulent refunds, according to the Treasury Inspector General for Tax Administration. While the IRS has done a lot to identify fraudulent returns, it’s still one of the biggest challenges it has ever faced and only one form of tax-related identity thefts it contends with today.
An even faster-growing crime is the IRS phone scam. Criminals call someone and claim to be from the IRS, telling them they owe back taxes and will be arrested and prosecuted if they don’t make a payment over the phone immediately. Many have fallen victim to this scheme because they are unaware that the IRS does not contact individuals in this way. Panic causes unwitting victims to make decisions they quickly regret.
Here are a few helpful recommendations to avoid cyberattacks and being victimized through fraudulent tax schemes:
- Don’t overshare – It’s become normal to post selfies and broadcast your every thought on social media. Be discreet when sharing personal details like your address, bank, maiden name, vacation plans, or anything else that makes it easier for criminals to steal your identity.
- Don’t be duped by calls, emails or texts purporting to be from a tax agency or other financial institution – It’s a scam. Tax authorities don’t ever contact individuals through these means. Your bank will also never threaten these same type of solicitations, so don’t be fooled there either!
- Encrypt valuable files – That includes personal, financial and tax data.
- Protect your computer – Keep security software, anti-virus and firewall protections up to date.
- Don’t click on links you don’t know – Attachments to emails pretending to be from a tax or financial institution may infect your computer or steal your log-in information.
- Keep an eye on your credit – Check your credit report and Social Security earnings record at least once a year to make sure no one else is using your credit or Social Security number for employment or other purposes.
If you are a victim of identity theft, the Federal Trade Commission recommends these steps:
- Report the theft at IdentityTheft.gov.
- Contact the three major credit bureaus to place a fraud alert on your credit records:
- Equifax: 1-800-766-0008
- Experian: 1-888-397-3742
- TransUnion: 1-800-680-7289
- Contact your financial institutions to close any financial or credit accounts opened without your permission or tampered with by identity thieves.