The Internal Revenue Service is taking steps to address the growing problem of taxpayer identity theft, but the head of a security company thinks that taxpayers also need to take matters into their own hands.
Last week, the IRS announced that it was opening a special section of its Web site to help the increasing numbers of identity theft victims who file their taxes, only to learn that a thief has stolen their tax refund (see IRS Steps up Efforts to Combat Identity Theft).
LifeLock CEO Todd Davis told me in a phone interview Wednesday that taxpayers and accountants should also take steps to protect the personally identifiable information on their computers, which thieves can hack into, especially if they have any peer-to-peer software installed. File-sharing programs and Web sites that allow users to share music and video files can expose a computer to identity thieves.
“The problem with these programs is that there are over 200 of them out there,” he said. “They actually index your hard drive like Google. With these peer-to-peer programs, you don’t have to type in ‘Lady Gaga’ [to find music files.] You can put in the words ‘tax return,’ or ‘credit report,’ or ‘password.’”
He said his company has been able to pull up hundreds of thousands of tax returns in this way. LifeLock monitors peer-to-peer networks looking to see whether its members’ information is being compromised. For a monthly fee of $10 to $25 a month, the Tempe, Ariz.-based company also monitors applications for credit cards and cell phones in the name of its members and sends an alert.
A computer owner might not even know that peer-to-peer programs are installed. A family member might have put such a program on the computer without realizing the dangers.
“They may have kids or grandkids who just innocently wanted to download free music,” said Davis. “If your kids or grandkids have thousands and thousands of songs and you haven’t gotten a bill, make sure you get it off of there.”
Once an identity thief finds personally identifiable information on the computer, such as a name and Social Security number, they can use it to steal tax refunds.
“That has been one of the most effective ways for identity thieves to receive the information and then file fraudulent tax returns,” said Davis. “The IRS is not set up to authenticate tax returns. If I’ve got your name, Social Security number, birth date, your account number and bank routing information, I have all your bank information, I can file a fraudulent tax return with a made-up W-2 and I’ll do that the first of February when you’re not typically sending in your tax return. Then the IRS rejects your tax return when you file it.”
He noted that while the IRS offers tips to taxpayers to avoid phishing emails and other suspicious-looking scams, the IRS is not set up to authenticate the tax filing ahead of time. “They’re set up to process it and move it on through,” said Davis.