It seems like each year, there are more and more tax scams that kick into high gear right after the New Year. This is because tax season is upon us. As the tax man cometh, so does the tax scam, especially online.
You may recall that last year, the IRS reported an alarming rise in the number of fraudulent tax returns filed, using compromised identities in order to get tax refunds the legitimate taxpayer was entitled to. Unfortunately, the criminals doing this were the recipients of these refunds and the actual taxpayer was often unaware this had happened until they tried to file their actual tax return.
The increased alarm this year is in part due to the massive Equifax data breach that was reported last summer. That data breach was unique as it was the first time that a credit bureau had been breached. Because they are a credit bureau, you may not have realized how much personal data that they have on file for you. The exposure was reported to be nearly half the population of the United States. Literally hundreds of millions of Social Security numbers and other private information related to your personal identity may have been released. To date, the impact is not truly known.
Many security experts are concerned that this year could see a record number of fraudulent tax return filings due to the massive amount of information from the Equifax data breach that may be in the hands of bad actors. We likely will not know for sure until tax season has passed.
Many tax professionals are advising that individuals file their tax returns as early in the tax season as possible. In effect, try to beat the hackers by filing before they do. That is one way to potentially prevent a fraudulent filing in your name. However, you have no way of knowing if you could be a victim, nor will you know until you actually file. As the cliché goes “the best defense is a good offense,” thus the recommendation.
There are several other tax scams to be aware of as well. The most common are phishing email campaigns that try to trick you to open attachments or click links that will compromise your system, allowing the hackers to steal your personal information. Remember the IRS will never send you an email attachment, nor a link to click and then enter private information. Nor will the IRS ask you to make a payment via email or link within an email. If you owe money to the IRS, you will always receive a paper bill, in the mail. Even at that, it’s a best practice to call the IRS and verify the validity of that notice.
If you use a tax preparer, check with them for their guidance before doing anything online. While many are able to e-file, do so at your preparers direction, not from unsolicited email messages. As with just about everything in life and online, common sense is your best defense. If it doesn’t seem right, don’t do it.
You even need to be careful using your social media accounts. I’m sure you’ve seen people posting their responses to what seem like fun lists of information. These are posts you will see from friends that list places they have been, what their first pet was, states they have lived in and more. While these seem like fun and innocent things to do, they expose information that can be used to help compromise your personal identity through social engineering when combined with other information about you. So think twice before participating in these, as tempting as they are.
The IRS maintains a page devoted to communicating tax scams and consumer alerts at www.irs.gov/newsroom/tax-scams-consumer-alerts. I recommend you check that page whenever you have a concern about a potential tax scam. Currently, the page lists the following scams considered to be actively in use: IRS-impersonation telephone scams, scams targeting tax professionals, soliciting W-2 information from payroll and human resources professionals, email, phishing and malware schemes and fraudsters posing as taxpayer advocacy panel.
What is important to recognize from this list is that in addition to the actual taxpayer, tax preparers are a target. Obviously, these firms have access to a wealth of private information that includes everything a hacker would need to impersonate someone. It stands to reason they would be a target and these firms have an obligation to do everything that they can to protect the private information that is in their trust. Similarly, HR departments are a target, for the personal and payroll information that they have access to. They too, just have robust defenses and procedures in place to protect this information and prevent unauthorized release.
I posted about this on my blog, earlier this week. I will continue to monitor for new information as it becomes available. Hopefully, this information will help you maintain the safety of your personal information and ensure that your tax information and hopefully refund, remains yours and yours alone.
MJ Shoer is director, Client Engagement and vCIO at Onepath, with offices in New England and the Southeast. Onepath is the one source for all things to do with designing, deploying and supporting and maintaining technology – from cable to Cloud. He maintains a blog about IT at www.mjshoer.com and may be reached at mshoer@1path.com.