In a world where a simple smartphone substitutes for a wallet, a browsing device, and a GPS navigation tool, protecting sensitive personal data has become increasingly challenging. This vulnerability does not begin or end with cell phones or personal computers. Virtually every device connected through wi-fi or otherwise can constitute a point of access leading to a breach of personal information.
1. Recognize a tax scam
With each new tax season, the IRS spearheads various educational and informational campaigns for taxpayers and tax professionals to bring awareness to the newest tax scams and propose safeguards meant to mitigate these threats.
As tax scams take many shapes, such as phone calls, letters, and emails, the IRS reminds taxpayers it will never initiate contact with taxpayers by email, text messages, or social media channels to request information. In most cases, the IRS initiates contact through regular mail delivered by the United States Postal Service.
Tax scams do not necessarily have a preferred target. For years, scams have been quick to adapt, diversify, and reinvent how they will attempt to steal taxpayer data. Business entities, not-for-profit organizations, and payroll processing operators have all been the object of such attempts. Reflective of the current times, one of the latest tax scams is pandemic-related. According to the Federal Trade Commission (FTC), tax scammers are targeting taxpayers with emails that promise them a third Economic Income Payment (EIP) if they “access the form for additional information” and accept “to get help” with application. Taxpayers are then tricked into disclosing personal information.
Another standard method for identity thieves to obtain taxpayer-sensitive data is phishing emails or SMS/texts that seek to obtain taxpayers’ passwords, bank account numbers, credit card numbers, and Social Security numbers. Two traits these attempts have in common are:
1) they appear to be from a known or trusted source; and
2) they tell a story and have an urgent tone requesting immediate action.
2. Protect yourself against a tax scam
Knowing about different types of tax scams is only a part of the safeguarding process. Prevention is key.
Taxpayers can help fight back against these types of attacks by reporting tax-related illegal activities to the IRS and the Treasury Inspector General for Tax Administration. Taxpayers should use Form 3439-A , Information Referral if they suspect an individual or a business is not complying with the tax law. Phishing emails can be forwarded to firstname.lastname@example.org, whereas impersonation telephone calls can be reported on www.tigta.gov.
The IRS advises taxpayers to take necessary steps to keep their computers safe, using strong passwords, using a firewall, virus and malware protection and/or file encryption for sensitive data. Email attachments should always be treated with caution, especially when not expected. When taxpayers receive an email from a party with whom they are not acquainted, the taxpayer should verify the name and credentials of that person with the company directory, website, etc. that person claims to be part of.
Some of the IRS’s suggested best practices for taxpayers include:
- do not carry your Social Security card routinely;
- do not overshare personal information on social media – such as past addresses, a new car, new home or details about children or close relatives; and
- keep old tax returns and tax records under lock and key and shred any tax documents before trashing.
3. Immediate steps to be taken upon discovery of identity theft
1. Apply for an IP PIN.
Beginning in 2020, taxpayers can apply for an IRS Identity Protection PIN (IP PIN), a six-digit number issued by the IRS directly to the taxpayer that prevents someone else from filing a tax return using the taxpayer Social Security Number or Individual Taxpayer Identification Number. You can learn more about the IP PIN in the December 10, 2021 issue of This Week In Tax.
2. Go to the governmental website.
Head to www.identitytheft.gov where directions and useful resources are tailored to specific types of situations and cases of identity theft. One such example of a tailored set of actions for someone who just discovered an unauthorized party has opened a bank account in their name includes:
- calling companies where individuals believe fraud occurred;
- placing a fraud alert and getting credit reports;
- reporting the identity theft to the FTC; and
- filing a report with the local police department.
3. Act fast.
The damages and losses stemming from identity theft can be contained if immediate steps are taken. For example, an individual who just discovered someone used their personal information to open a credit card, may determine if that person also used the information to file a fraudulent tax return in order to claim a refund. This can be accomplished by creating an IRS online account and checking the history of tax filings. IP PINs mentioned earlier are reliable tools in preventing unauthorized parties from filing returns.
Count on Friedman LLP
Identity theft is traumatic – both emotionally and financially. At Friedman LLP, we adhere to the strictest industry standards in protecting our clients’ personal information while proactively keeping our clients informed of all resources available to them to prevent or mitigate identity theft. Contact your Friedman LLP advisor to learn all you can do to protect you, your family, and your business.