Posts

The number of data breaches was already on a record pace for 2017 before the reported theft of nearly 145 million Americans’ names, addresses and Social Security numbers brought the issue to the forefront.

Every day, data thefts large and small put people’s personal and financial information at risk. There are steps that data theft victims may take to protect their financial accounts and their identities once cybercriminals have their names and other sensitive information.

The Internal Revenue Service, state tax agencies and the tax community — partners in the Security Summit — are marking “National Tax Security Awareness Week” with a series of reminders to taxpayers and tax professionals. Today, the topic is data breaches.

In the first half of 2017, the number of data breaches increased by 29 percent, to a record 791 incidents, according to Identity Theft Resource Center (ITRC) and CyberScout, which sponsored the report. For the past five years, ITRC has tracked data breaches in five key sectors.

Generally, thieves want to take advantage of the stolen data as quickly as possible. That may mean selling the data on the Dark Web for use by other criminals. It may mean the crook tries to access financial accounts for withdrawals or credit cards for charges. It may also mean a thief quickly files a fraudulent tax return in victims’ names for a refund.

Those Who’re Victims Should Consider These Steps:

  • If possible, learn what information was compromised. Was it emails and passwords or more sensitive data such as name and Social Security number?
  • Take advantage of any credit monitoring offers made by the company that was breached.
  • Place a freeze on credit accounts to prevent access to credit records. There may be a fee for requesting one. This varies by state. At a minimum, place a fraud alert on credit accounts by contacting one of the three major credit bureaus. A fraud alert on credit records is not as secure as a freeze, but a fraud alert is free.
  • Reset passwords on online accounts, especially financial, email and social media accounts. Experts recommend at least 10-digit passwords, mixing letters, numbers and special characters. Use different passwords for each account. Use a password manager, if necessary.
  • Use two-factor authentication wherever it is offered on financial, email and social media accounts. Two-factor authentication requires entry of a username and password and then a security code, generally sent via text to a mobile phone you’ve pre-registered.

The scale of the credit bureau breach, which was reported this summer, has prompted many questions, especially about how a victim’s taxes may be affected. Because of the work by the Security Summit, more protections are in place to protect taxpayers from tax-related identity theft. Thieves will need more than a name, address, birth data and SSN to file a fraudulent tax return.

Tips for the 2018 Tax Season; Will Filing Early Help?

The IRS reminds taxpayers that they should file their tax return as early as they can, but not before they are sure they have all the proper information and supporting Forms W-2 and 1099. Taxpayers should always file an accurate tax return. Filing before all information is received puts taxpayers at risk of needing to file an amended tax return, paying interest or penalties or even receiving an IRS notice or audit.

The IRS and states have put many new defenses in place to help protect taxpayers from identity theft. The new IRS protections have worked well to protect taxpayers, and some key indicators of identity theft on tax returns have dropped by around two-thirds since 2015.

These protections are especially helpful if criminals only have names, addresses and SSNs – which was the information stolen in recent incidents. However, there are continuing concerns that cybercriminals will try to build on this basic information by trying to obtain more specific financial details from taxpayers and tax professionals to help them file fraudulent tax returns.

In addition, no one yet knows what thieves may do with information from the data breaches. The Summit partners believe cybercriminals will increasingly look to steal more detailed information from taxpayers, tax professionals and businesses to help file a fraudulent tax return. The volume of victims means everyone – the tax agencies, tax professionals and taxpayers – must be vigilant going into the 2018 tax filing season and be alert to any unusual activity.

Here Are a Few Signs of Tax-Related Identity Theft:

  • An electronically filed tax return rejects because a return with the taxpayer’s SSN already has been filed;
  • Taxpayers receive a letter from the IRS asking them to confirm whether they submitted a tax return being held for review;
  • Taxpayers receive a notice from the IRS indicating that they owe additional tax, have a refund offset or have a collection action for a year in which they did not file a tax return;
  • Taxpayers receive a notice from the IRS that they received wages from an employer for whom the taxpayer did not work.

Taxpayers should file a Form 14039, Identity Theft Affidavit, only if their return rejects because a return using their SSN already has been filed or if told to do so by the IRS. This form is how taxpayers report that they are an identity-theft victim.

The IRS stops the vast majority of fraudulent returns. Each year, the IRS stops returns it deems suspicious and asks the filer to verify whether they filed the return. The IRS will send a notice asking taxpayers to confirm whether they filed the return.

The IRS, state tax agencies and the tax industry are working together to fight against tax-related identity theft and to protect taxpayers. Everyone can help. Visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers, to learn more.

Source: https://www.irs.gov/newsroom/national-tax-security-awareness-week-no-3-victims-of-data-breaches-should-consider-these-steps

With the approach of the holidays and the 2018 filing season, the IRS, state tax agencies and the nation’s tax industry urge people to be on the lookout for new, sophisticated email phishing scams that could endanger their personal information and next year’s tax refund.

The most common way for cybercriminals to steal bank account information, passwords, credit cards or Social Security numbers is to simply ask for them. Every day, people fall victim to phishing scams that cost them their time and their money.

Those emails urgently warning users to update their online financial accounts – they’re fake. That email directing users to download a document from a cloud-storage provider? Fake. Those other emails suggesting the recipients have a $64 tax refund waiting at the IRS or that the IRS needs information about insurance policies – also fake. So are many new and evolving variations of these schemes.

The Internal Revenue Service, state tax agencies and the tax community — partners in the Security Summit — are marking “National Tax Security Awareness Week” with a series of reminders to taxpayers and tax professionals. In part two, the topic is avoiding phishing scams.

Phishing attacks use email or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. Often, recipients are fooled into believing the phishing communication is from someone they trust. A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data.

The scams may contain emails with hyperlinks that take users to a fake site. Other versions contain PDF attachments that may download malware or viruses.

Some phishing emails will appear to come from a business colleague, friend or relative. These emails might be an email account compromise. Criminals may have compromised your friend’s email account and begin using their email contacts to send phishing emails.

Not all phishing attempts are emails – some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card.

Phishing attacks, especially online phishing scams, are popular with criminals because there is no fool-proof technology to defend against them. Users are the main defense. When users see a phishing scam, they should ensure they don’t take the bait.

Here are a few steps to take:

  • Be vigilant; be skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, approach with caution. Cybercrooks are adept at mimicking trusted businesses, friends and family. Thieves may have compromised a friend’s email address or they may be spoofing the address with a slight change in text, such as name@example.com vs narne@example.com. In the latter, merely changing the “m” to an “r” and “n” can trick people.
  • Remember, the IRS doesn’t initiate spontaneous contact with taxpayers by email to request personal or financial information. This includes text messages and social media channels. The IRS does not call taxpayers with threats of lawsuits or arrests. No legitimate business or organization will ask for sensitive financial information via email. When in doubt, don’t use hyperlinks and go directly to the source’s main web page.
  • Use security software to protect against malware and viruses. Some security software can help identity suspicious websites that are used by cybercriminals.
  • Use strong passwords to protect online accounts. Each account should have a unique password. Use a password manager if necessary. Criminals count on people using the same password repeatedly, giving crooks access to multiple accounts if they steal a password. Experts recommend a password have a minimum of 10 digits, including letters, numbers and special characters. Longer is better.
  • Use multi-factor authentication when offered. Some online financial institutions, email providers and social media sites offer multi-factor protection for customers. Two-factor authentication means that in addition to entering your username and password, you must enter a security code generally sent as a text to your mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely the crook would also have a victim’s phone.

The IRS, state tax agencies and the tax industry are working together to fight against tax-related identity theft and to protect taxpayers. Everyone can help. Visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers, to learn more.