Tax-related identity theft is shaping up to be the No. 1 concern this tax season – the Internal Revenue Service even had to temporarily shut down a tool it offers victims of ID theft, because apparently ID thieves had wormed their way into it.
1. When is a Web site not a Web site? When it’s a “spoofed” site – one that’s designed to mimic an official site, so that victims can be lured into divulging private information through it. Often scammers send an e-mail asking users to verify personal information, with a convenient link to the spoofed site.
These sites can often be spotted through their URLs, which may bear no resemblance to that of the organization they purport to come from. For instance, the IRS Web site is www.irs.gov, not www.irsgov275.hu.
2. If it sounds too good to be true … it is. Ignore Web sites, e-mails and tax preparers who promote inflated tax refunds. Refunds should be based on the taxpayer’s tax situation, not the marketing claims of the tax preparer, and many of those offering inflated returns are actually fronts for ID theft operations, or unscrupulous preparers who inflate client refunds through illegal deductions (and often skim most of the inflated refund off themselves).
3. Hang up! The IRS never initiates contact with taxpayers over the phone. The original scam here was to call taxpayers and threaten them with prison time if they didn’t immediately pay a (non-existent) tax debt; this year it has been refined to ID thieves claiming to be IRS agents who only need to verify a few pieces of data to process the taxpayer’s return … .
4. Information is precious. Sensitive personal information needs to be protected, particularly when being transmitted. Take the necessary precautions when giving info out online – check the security levels of the sites you’re visiting, and use technology like private client portals, e-mail encryption, and virtual private networks where appropriate.
5. The password is … . A weak password on even the least-important-seeming account can lead fraudsters to the sort of information that allows them to unlock other accounts or steal an identity outright. Taxpayers should regularly change their passwords, and use strong passwords that aren’t easy to guess.
6. Perils in public. Public Wi-Fi is great -- but not for any kind of sensitive personal information, and definitely not for filing taxes.
7. Social criminals. It’s remarkable how much information ID thieves can gather from social media to populate a bogus return. Change social media settings to “Private” or otherwise make them inaccessible to strangers.
8. Keep it secret; keep it safe. Don’t leave old tax return information and other sensitive data lying around on a hard drive; encrypt it and store it somewhere secure.
9. Alert the team. The biggest security bug in any system is people, whether at a business or in a family. Educating everyone who has access to a system that includes private information -- from children and spouses to employees and partners – is critical.
10. Don’t let your guard down. The end of tax season doesn’t mean the end of the threat. Taxpayers need to remain vigilant about securely sharing information, storing it safely, not giving it away in social media or other public fora, and otherwise staying on top of their identity -– to make sure someone else doesn’t borrow it.
Register or login for access to this item and much more
All Accounting Today content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access