10 Tips for Fighting Tax-Related ID Theft

Tax related identity theft is shaping up to be the number one concern this tax season – the Internal Revenue Service even had to temporarily shut down a tool it offers victims of ID theft, because apparently ID thieves had wormed their way into it. With that in mind, here are some tips.

  1. When is a website not a website? A “spoofed” site is one that’s designed to mimic an official site, so that victims can be lured into divulging private information through it. Often scammers send an e-mail asking users to verify personal information, with a convenient link to the spoofed site. These sites can often be spotted through their URL’s, which may bear no resemblance to that of the organization they purport to come from. For instance, the IRS web site is www.irs.gov, not www.irsgov275.hu.
  2. If it sounds too good to be true…it is. Ignore websites, emails and tax preparers who promote inflated tax refunds. Refunds should be based on the taxpayer’s tax situation, not the marketing claims of the tax preparer. Many of those offering inflated returns are actually fronts for ID theft operations, or unscrupulous preparers who inflate client refunds through illegal deductions (and often skim most of the inflated refunds off themselves).
  3. Hang up!  The IRS never initiates contact with taxpayers over the phone. The original scam here was to call taxpayers and threaten them with prison time if they didn’t immediately pay a (non-existent) tax debt.  This year it has been refined to ID thieves claiming to be the IRS agents who only need to verify a few pieces of data to process the taxpayer’s return.
  4. Information is precious. Sensitive personal information needs to be protected, particularly when being transmitted. Take the necessary precautions when giving information online. Check the security levels of the site you are visiting, and use technology like private client portals, email encryption, and virtual private networks where appropriate.
  5. The password is…A weak password on even the least-important-seeming account can lead fraudsters to the sort of information that allows them to unlock other accounts or steal an identity outright. Taxpayers should regularly change their passwords, and use strong passwords that aren’t easy to guess.
  6. Perils in public. Public WI-FI is great–but not for any kind of sensitive personal information, and definitely not for filing taxes.
  7. Social criminals. It’s remarkable how much information ID thieves can gather from social media to populate a bogus return. Change social media settings to “Private” or otherwise make them inaccessible to strangers.
  8. Keep it secret; keep it safe. Don’t leave old tax return information and other sensitive data lying around on a hard drive, encrypt it and store it somewhere secure.
  9. Alert the team. The biggest security bug in any system is people, whether at a business or in a family. Educating everyone who has access to a system that includes private information–from children and spouses to employees and partners–is critical.
  10. Don’t let your guard down. The end of tax season doesn’t mean the end of the threat. Taxpayers need to remain vigilant about securely sharing information, storing it safely, not giving it away in social media or other public fora, and otherwise staying on top of their identity, to make sure someone else doesn’t borrow it.