Americans taxpayers are too lax about identity theft, according to a poll from CyberScout.
A survey conducted by the data security and identity protection firm found more than half of Americans aren’t worried about tax fraud, despite federal reports showing identity thieves filed 787,000 fraudulent returns in 2016, which adds up to more than $4 billion in fraud.
The survey also found that only 35% of taxpayers ask their preparers to use two-factor authentication (which is stronger than a single password) to protect their information. On top of that, only 18% use an encrypted USB drive to save tax documents that contain sensitive information. When it comes to choosing a tax preparer, 50% of respondents said they chose their tax preparers online, didn’t screen them beforehand or weren’t sure how to evaluate a tax preparer at all. CyberScout said this puts consumers at risk of getting scammed. Finally, more than half (51%) of taxpayers expecting refund checks in the mail don’t use a locked mailbox.
These findings come from a nationally representative survey of more than 1,500 Americans aged 18 and over commissioned by CyberScout, using Google Consumer Survey.
“In tax season, it is crucial that everyone remain vigilant and on high alert to avoid tax-related identity theft or phishing schemes,” said Adam Levin, founder and chairman of CyberScout and author of “Swiped.” Levin is also the co-founder of Credit.com.
How Taxpayers Can Protect Themselves
Tax season is one of the busiest times for identity thieves, but there are steps taxpayers can take to protect themselves. Here’s what CyberScout recommends:
Use a password-protected Wi-Fi connection when filing your taxes. Use a long and complex password — not just for your Wi-Fi but also for any accounts you’re using during the tax-filing process.
Get your return via direct deposit. If you must receive a return check via mail, have it sent to a locked mailbox.
Ask your tax preparer to use two-factor authentication to protect your documents and personal information.
Use an encrypted USB drive to save sensitive tax documents.
Never give information to anyone who contacts you by phone or online claiming to be from the IRS. The IRS will never contact you this way.
Monitor your accounts and online identity for any signs that your identity has been stolen. For example, if you see a sudden, unexpected change in your credit scores, it could indicate your identity has been stolen. You can easily get a look at your credit by using our free credit report snapshot, which is updated every 14 days.
While you’d never know it if you listen to politicians on the right and left argue, there are some truths out there, things that don’t yield to debate. I’m talking basics, like it’s easier to walk through an open door, and the Internal Revenue Service shouldn’t be in the business of providing open doors to pervasive forms of fraud.
Are you rolling your eyes? Well, it’s happening once again at everyone’s favorite punching bag, the Internal Revenue Service. Granted, past fails haven’t been intentional—whether we’re talking about the “Get Transcript” hack that affected 700,000 taxpayers or this year’s E-File PIN attack that involved more than 464,000 unique Social Security numbers. There was incompetence and a lack of farsightedness in those instances, for sure, but the latest wrinkle at the IRS has the agency turning a blind eye to crime. It has been happening in broad daylight without the slightest twinge of worry that maybe someone should, you know, maybe do something about it — that is, until this month.
Undocumented Workers Using Stolen Social Security Numbers
Forget about Obama’s “path to citizenship.” Forget about “amnesty.” This goes beyond partisan bickering over a label.
I first became aware of the issue through the lens of right-wing media and almost dismissed it due to my own political assumptions. To be fair, it was so poorly reported and exclusively discussed on conservative websites like Breitbart, All That’s News and the Tea Party Patriots.
The story, featuring undocumented workers stealing Social Security numbers to apply for jobs and fill out W-2s under the watchful eye of the IRS, was first made public during a Senate Finance Committee meeting, when Sen. Dan Coats of Indiana asked IRS Commissioner John Koskinen to explain why the IRS doesn’t inform certain victims of employment-related identity theft — specifically people whose Social Security numbers have been used by undocumented immigrants to get work or fill out W-2 forms.
I rationalized these reports as little more than “echo chamber” attacks on Big Government. But a week later I read about it in The Hill. There it was: Koskinen confirming that when the IRS discovers undocumented immigrants have used a stolen SSN to apply for jobs or fill out W-2s but files their taxes using an Individual Tax Identification Number (ITIN) — a number often provided to undocumented immigrants to pay taxes — they get a pass from the agency.
According to the report, this will no longer be the agency’s standard operating procedure by January 2017, when the IRS will begin informing victims of employment-related identity fraud.
While that’s great news, it boggles the mind that such a situation could have been allowed to persist. Koskinen’s argument for not implementing a solution sooner was basically that people who want to pay taxes should be able to do so because collecting the revenue is in everyone’s best interest and that the agency could not find an effective way to notify compromised individuals while protecting sensitive taxpayer information on both sides.
While the IRS may be collecting revenue from the undocumented workers who are filing returns, Republicans on the Senate Finance Committee raised concerns of these filers actually receiving refunds from the IRS fraudulently. In theory, if an illegal worker gets a Social Security number, he can file three years of back taxes and claim the Earned Income Tax Credit, providing he can remember all the details of his off-the-books earnings during that time period.
Sen. Chuck Grassley (R-Iowa) asked Koskinen about this theory and Commissioner Koskinen confirmed:
To clarify my earlier comments on EITC, not only can an individual amend a prior year return to claim EITC, but an individual who did not file a prior year return may file a return and claim EITC (subject to refund limitations under section 6511 of the Internal Revenue Code). I would note that filing new returns for prior years would likely be difficult, since filers would have to reconstruct earnings and other records for years when they were not able to work on the books. Section 32 of the Internal Revenue Code requires an SSN on the return, but a taxpayer claiming the EITC is not required to have an SSN before the close of the year for which the EITC is claimed.
When it comes to identity-related tax fraud, nothing is too complex if there’s a payoff. While I can’t say if the situation with unreported employment-related identity fraud as described here has ever been used to make unlawful grabs at Earned Income Tax Credits, this is just one question regarding what is doubtless countless possible crimes that can be committed because the IRS decided employment-related identity fraud should get a pass for the sake of revenue.
The bottom line is that if it can be imagined, it can be achieved. The fact that the IRS has essentially looked the other way when it comes to the unlawful use of personally identifiable information in the face of our identity crime Armageddon is inexcusable.
At the end of the day, this has to stop being viewed as a political issue. Republicans will blame the situation on President Obama’s “amnesty” policies geared toward getting undocumented immigrants integrated as taxpayers (maybe), Democratic voters (probably) and welfare recipients (for sure). In other words, the whole enchilada. Democrats eschew the amnesty label, preferring to talk about “a path to citizenship,” with the very serious goal of creating a safer, opportunity-filled world for immigrants who will (most likely) vote Democratic.
The problem: Neither party sees it as an epic fail.
This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.
Identity theft is on the rise in the United States — at least reports of identity theft are way up — and oftentimes, people don’t realize they’re victims until a thief has already made a mess of things.
Some of those messes are more challenging to clean up than others. It sometimes takes years to repair the damage done by identity thieves, and unfortunately, it’s very difficult to prevent it from happening in the first place. Data breaches, security flaws and human errors expose people’s personal information all the time, and there’s often no way of knowing if yours has been compromised until it’s too late.
You can freeze your credit to prevent someone from opening fraudulent accounts in your name (it often carries a fee, depending on where you live), but beyond that, one of the best things you can do to protect yourself from the abuse of an identity thief is to regularly check your credit for signs of fraud. You can spot sudden, unexpected changes in your free credit report summary, which is updated every month on Credit.com, and as soon as you identity something suspicious, act quickly to minimize the damage. The sooner you can figure out what’s going on, the better — identity theft can be quite destructive. Here are some examples of how.
1. Lost Benefits
The way someone abuses your personal information can seriously disrupt your way of life. In 2015, a Tennessee woman found out her Social Security disability check — her sole income — had been canceled because someone had filed a fraudulent tax return with her Social Security number. That fake return led the Social Security Administration to think she had lied about being disabled to the point of being unable to work, even though the IRS had confirmed she was a victim of identity theft.
You could find yourself in a similar situation if you’re a victim of medical identity theft. If someone fraudulently claims your insurance benefits, there might not be anything left for you and your medical needs.
2. Troubles With the Law
Even if you’ve never had run-ins with the law, you could end up with some sort of criminal record, thanks to an identity thief. Jessamyn Lovell found out someone had stolen her identity after the thief was arrested, but that was only the beginning of the issue for Lovell. She received a court summons for crimes the thief had committed in her name, and Lovell had to spend the time and money to make the court appearance and prove she hadn’t done any of the things her name had been fraudulently attached to.
3. Mistakes on Your Credit Report
New account fraud is a common form of identity theft: Someone gets their hands on your Social Security number and uses it to borrow money or open a credit card they never intend to repay. Since the accounts use your Social Security number, they’ll likely end up on your credit report, and that information (which is probably negative) will factor into your credit scores. That’s why a sudden drop in your credit scores could be a sign of identity theft. A credit freeze can prevent new account fraud, but it doesn’t prevent someone from taking over and abusing your current accounts. Even if you have a freeze in place, it’s important to monitor your credit for suspicious activity.
Finding the problem is only the beginning — then you need to fix the errors on your credit report. You can do this by disputing the information with the credit bureaus yourself, but if you have trouble resolving the issues or are overwhelmed by the process, you can also hire someone to help you repair your credit for a fee.
4. Family Drama
You may never find out who the shady character is behind your identity theft — or you could know them all too well. It’s common for identity theft to occur within families, as parents, children and other relatives often have access to each other’s personal information. Sometimes, it happens when a parent has ruined their credit and decides to get a fresh start using a child’s blank slate of a credit report. That robs the victim of the chance to establish their own credit, potentially leaving them to start their adult financial lives with years of a negative credit history they had nothing to do with. Reversing the damage of identity theft generally requires reporting the crime to the police, and people aren’t always willing to do that to their families, even when they’ve been wronged.
5. Messy Taxes
Taxpayer identity theft means someone stole your Social Security number and filed a fraudulent tax return to get a refund before you had a chance to file yours. Of course, you still have to do your taxes, but you’re going to have to do them by hand, and don’t expect a swift refund if you’re owed one. A typical case of taxpayer identity theft can take 180 days to resolve, according to the Internal Revenue Service.
Scammers are targeting taxpayers by sending TurboTax customers fake emails designed to steal people’s personal and account information, according to a Feb. 4 announcement by Intuit, the parent company of the do-it-yourself tax software.
Intuit said the email mimicks the company’s brand and tells recipients they need to confirm their accounts. Here’s what part of the email says, according to a screenshot on Intuit’s website.
“Some information on your account appears to be missing or incorrect! Please confirm your information promptly so you can continue to enjoy all the benefits of your TurboTax account. If you don’t confirm your information, we’ll limit what you can do with your TurboTax account.”
The email is a phishing attempt — phishing tricks people into handing over sensitive information to thieves, usually by imitating a trusted company — and it’s well-timed. Many people have already filed or are about to start the process of filing their taxes, which could motivate concerned customers to make sure their TurboTax accounts are up to date.
If you look closely, the email has hallmarks of a phishing scam: There are some typos, and when you hover over the “Sign in to TurboTax” button in the email, it’s clear the URL is not legitimate. Always be careful about clicking on any emails that ask you to share account or financial details. Doing so could cause you some serious headaches.
Depending on the information people share, the thieves can commit a variety of serious offenses, from credit card fraud to identity theft. Taxpayer identity theft is obviously a concern in this scenario, because giving a thief your tax-software credentials could allow them to file a fraudulent tax return and delay your refund. You can protect yourself from taxpayer identity theft by filing your tax return as soon as possible, before someone with your personal information beats you to it.