The Social Engineer

Human Beings: The most easily exploitable aspect of security

Tax Identity Theft Awareness

Uncategorized
Chad Gutschenritter January 29, 2020

Identity Awareness Week is coming up: February 3 – 7

“Cybercriminals love tax season. The enormous amounts of valuable personal and financial information that are shared online during this time frame make it a haven for hackers. Since most Americans are filing their taxes, deadlines are looming, and the cyber thugs are doing everything they can to take full advantage of the opportunity.” – Russ Schrader, Executive Director, National Cybersecurity Alliance

Tax identity theft happens when someone uses your Social Security number (SSN) to file a phony tax return and collect your refund. You may not find out about it until you try to file your tax return and the IRS rejects it as a duplicate filing. While the IRS investigates, your tax refund can be delayed. The misuse of your SSN means you also may be at risk of other types of identity theft. According to the Federal Trade Commission (FTC), tax-related identity theft is the most common type of identity theft. A 2017 identity fraud study by Javelin Strategy and Research revealed that nearly one in three consumers notified that their data has been breached become victims of identity fraud. In 2018, the 649,000 confirmed fraudulent returns attempted to claim $3.1 billion in refunds, according to the IRS.

If someone uses your SSN to file for a tax refund before you do, here’s what happens: When you file your return, IRS records will show that someone else has already filed and gotten a refund. If you file by mail, the IRS will send you a notice or letter in the mail saying that more than one return was filed for you. If you try to e-file, the IRS will reject your tax return as a duplicate filing.

If someone uses your SSN to get a job, the employer may report that person’s income to the IRS using your SSN. When you file your tax return, you wouldn’t have included those earnings. IRS records will show you failed to report all your income. The agency will send you a notice saying you had wages that you didn’t report. But the IRS doesn’t know those wages were reported by an employer you don’t know, for work performed by someone else.

The IRS does not call taxpayers with threats, and the IRS doesn’t initiate contact with taxpayers by sending an email, text, or social media message that asks for personal or financial information. Additionally, know that the IRS will never ask you to wire money, pay with a gift card or debit card, or share credit card information over the phone.

If you get an email, text, or other electronic message that claims to be from the IRS, do not reply or click on any links. Instead, forward it to phishing@irs.gov. And report IRS imposters to the US Treasury Inspector General for Tax Administration at tigta.gov.

Steps to Repair Identity Theft

Here are steps to take to limit the potential damage from identity theft:

  • Make sure you change your passphrases for all online accounts. When changing your passphrase, make it a sentence that is 12 or more characters long and make it unique to that account. You may also need to contact your bank and other financial institutions to freeze your accounts so that the offender is not able to access your financial resources.
  • Close any unauthorized or compromised credit or charge accounts. Cancel each credit and charge card. Get new cards with new account numbers. Inform the card companies that someone may be using your identity, and find out if there have been any unauthorized transactions. Close accounts so that future charges are denied. You may also want to write a letter to the company so there is a record of the problem.
  • Think about what other personal information may be at risk. You may need to contact other agencies depending on the type of theft. For example, if a thief has access to your Social Security number, contact the Social Security Administration. You should also contact your state’s department of motor vehicles if your driver’s license or car registration is stolen.
  • File a report with your local law enforcement agency. Even if your local police department or sheriff’s office doesn’t have jurisdiction over the crime (a common occurrence for online crime that may originate in another jurisdiction or even another country), you will need to provide a copy of the law enforcement report to your banks, creditors, other businesses, credit bureaus and debt collectors.

Article Written by: Chad Gutschenritter, Senior Cybersecurity / IT Auditor at Secure Guard Consulting

Helpful Resources:

https://www.us-cert.gov/ncas/tips/ST05-019

https://www.consumer.ftc.gov/blog/2020/01/tax-identity-theft-awareness-week-coming

https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft

Leave a Reply

Your email address will not be published. Required fields are marked *