By now most people know at least one of the security issues out there: identity theft, scamming, phishing, hacking, etc. This section of our web site is to keep you informed in what’s out there and how to keep your identity and personal information safe.
JUST HOW MUCH IS YOUR IDENTITY WORTH?
If you have ever been a victim of identity theft you know the hardship of recovering your identity, as well as the cost and psychological trauma involved in restoring your identity. Below are some examples of what criminals will pay for certain items on the Dark Web:
- Medical Records. Hackers can receive $1,000 for selling an individual’s medical records. The victim’s health insurance is used to purchase prescriptions and medical procedures that can exceed the victim’s benefit limit, leaving the victim with basically no healthcare insurance.
- Medicare ID. Hackers can make $470 per person on the Dark Web for a Medicare ID. With this information, the hackers attempt to scam elderly people into telling them personal information, i.e., names, addresses, birthdays, etc. Recently Medicare removed Social Security numbers as the account number.
- Newborn Social Security Number. Identity thieves usually sell newborn Social Security numbers for $1.83. Social Security numbers are assigned at a very young age and really aren’t used for anything until the individual is older, allowing their number to be sold and re-sold over and over again for many years.
- REMEMBER: With so many free password-cracking programs available to hackers on the internet, it only takes a hacker a few minutes to crack a password but the victim of identity theft will spend months or even years trying to regain their credit and name.
- Today most people use smart phones or tablets. Please remember both are basically a tiny computer and need to be secured just like a computer or laptop. Whether you use your phone for everything (paying bills, office work, etc.) or just use it as a phone (calling and texting), you have personal information in that little device, so be sure to have good virus protection software installed and/or use a VPN (virtual private network).
- Always use security software with a firewall and anti-virus protection and be sure the security software is always turned on and can automatically update. Never download “security” software from a pop-up ad. A popular pop-up ad is one that indicates it has detected a virus on the computer and directs you to download a security software package. Don’t do it! It most likely will install some type of malware. Reputable security software companies do not advertise their product like this.
- Encrypt sensitive files such as tax records that are stored on the computer. Use strong passwords. The longer the password, the tougher it is to crack. Don’t use the same password for all of your accounts. If the password is stolen, it can be used to break into multiple accounts. Don’t share passwords on the phone, in texts or by email. Legitimate companies WILL NOT send messages asking for passwords. Keep your passwords in a secure place.
- Learn to recognize and avoid phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as banks, credit card companies and government organizations, including the IRS. Do not click on links or download attachments from unknown or suspicious emails.
- Protect personal data. Don’t routinely carry a Social Security card, and make sure tax records are secure. Treat personal information like cash; don’t hand it out to just anyone. The easiest way for criminals to steal sensitive data is simply to ask for it. Social Security numbers, credit card numbers, bank and utility account numbers can be used to steal money or open new accounts. Every time a taxpayer receives a request for personal information, they should think about whether the request is truly necessary. Scammers will do everything they can to appear trustworthy and legitimate.
- Back up files. No system is completely secure. Copy important files, including federal and state tax returns, onto a removable disc or a back-up drive, and store it in a safe place. If storing sensitive tax and financial records on a personal computer, use a file encryption program to add an additional layer of security.
- Instead of paper checks with pretty pictures, elect to purchase high-security checks. These checks contain several different features to prevent check fraud including watermarks, heat sensitive ink, holograms, fluorescent invisible ink, etc.
- Most banks now offer the option to set an “alarm” if a certain amount is withdrawn from your account. Every time that specified amount or more is drawn from your account, you will receive a text message or email informing you of this withdrawal. If you know you haven’t drawn that amount, contact your bank immediately.
CHOOSING A TAX PREPARER
When choosing a tax preparer, do your research. Tax preparers can be frauds, promising a larger refund, making false claims on your return, and depositing your refund in their own bank account. Taxpayers must remember that the taxpayer is legally responsible for what’s on their return even if the return was prepared by someone else.
The IRS has a Directory of Federal Tax Return Preparers. You can search through name, city, state and zip code of qualified preparers. Protect yourself and use only tax preparers found in this directory.
FAKE INSURANCE TAX FORM SCAM
Both tax professionals as well as individuals should be made aware of this scam.
Scammers are using tax professionals to access clients’ annuity and life insurance accounts. The scammer gains access to the tax professional’s account and steals the client’s email address. In turn the scammer impersonates the tax professional and sends an email to the client attaching a bogus insurance form and requesting the client completes this form and returns it to the tax professional via fax or email. The email is VERY similar to the tax professional’s email address but slightly different. The tax professional’s email may be firstname.lastname@example.org and the bogus email address may be email@example.com. The subject line of the email will vary but may express something along the lines of “urgent.” After the client forwards the form, the scammer uses the personal information to either take out a loan or make a withdrawal from those accounts.
IS IT THE IRS OR IS IT A SCAM?
The IRS does not initiate contact with taxpayers by email or text message to request personal or financial information. The most common scams are phone calls and emails from thieves who pretend to be from the IRS. Scammers use the IRS name, logo or a fake web site to try and steal money and even identity from taxpayers.
Phone Calls: Criminals are able to “spoof” caller ID numbers which can look like it actually is the IRS calling. Taxpayers need to be very cautious of phone calls or automated messages from someone who claims to be from the IRS. Often these criminals will tell the taxpayer he/she owes money. They also demand payment right away. Other times scammers will lie to a taxpayer and say they are due a refund. The thieves ask for a bank account information over the phone. The IRS warns taxpayers NOT to fall for these scams.
IRS employees will NOT:
- Call demanding immediate payment. The IRS will not call the taxpayer without first sending a bill in the mail.
- Demand payment without allowing the taxpayer to question or appeal the amount owed.
- Require the taxpayer pay their taxes a certain way. For example, demand taxpayers use a prepaid debit card or iTunes card.
- Ask for credit or debit card numbers over the phone.
- Threaten to contact local police or similar agencies to arrest the taxpayer for non-payment of taxes.
- Threaten legal action such as a lawsuit.
- The IRS will not leave a prerecorded message asking a taxpayer to call back.
- The IRS never uses text messages or social media to discuss personal tax issues such as billing and refunds.
If a taxpayer doesn’t owe tax or think they don’t owe any tax, they should:
- Not give out any information. Hang up immediately.
- Contact the Treasury Inspector General for Tax Administration. Use TIGTA’s “IRS Impersonation Scam Reporting” web page to report the incident.
- Report the incident to the Federal Trade Commission. Use the “FTC Complaint Assistant” on the FTC.gov. Please add “IRS Telephone Scam” to the comments of your report.
- Report the caller ID and/or callback number to the IRS at firstname.lastname@example.org (Subject line: IRS Phone Scam).
E-mails: In most cases, an IRS phishing scam is an unsolicited email that claims to come from the IRS. Criminals often use fake refunds, phony tax bills or threats of an audit. Some emails actually will link you to a web site that looks real. The scammers’ goal is to have the taxpayer click on that link and give up their personal and financial information on the fake web site. If the scammer is successful, they use that information to steal a victim’s money and their identity. Always remember, the IRS does not initiate contact with a taxpayer through email to request personal or financial information. This information will be requested by the IRS through mail delivered by the United States Postal Service.
If you owe tax or think you owe tax to the IRS:
- Go to IRS.gov to see the actual amount owed (view tax account information online). Taxpayers can also review their payment options.
- Call the number on the billing notice or call the IRS at 800-829-1040.
For those taxpayers who get an email from the IRS requesting personal information:
- Don’t reply to the message or give out your personal or financial information.
- Forward the email to email@example.com.
- Do not open any attachments or click on any links. They may have malicious code that will infect your computer or cell phone.
- Delete the original email.
Text Message: If you receive a text message from someone claiming to be from the IRS, follow these instructions.
- Do not reply.
- Do not open any attachments.
- Do not click on any links.
- Forward the text as-is to the IRS at 202-552-1226 (remember that standard text messaging rates may apply).
- If possible, in a separate text, forward the originating number to the agency at
- Delete the original text.
Web site: If you come across a web site that appears to be the IRS but you suspect it to be bogus, you should:
- Send an email with the URL of the suspicious site to firstname.lastname@example.org.
- Include a subject line of “suspicious web site.”
Home Visits: The Internal Revenue Service has created a special new page on IRS.gov to help taxpayers determine if a person visiting their home or place of business is from the IRS or an imposter.
With continuing phone scams and in-person scams taking place, remember IRS employees do make official, sometimes unannounced visits to delinquent taxpayers as part of their routine casework.
The reasons these visits occur and how to verify if it is the IRS knocking at your door fall into three categories:
- IRS revenue officers will sometimes make unannounced visits to a taxpayer’s home or place of business to discuss taxes owed or tax returns due. Revenue officers are IRS civil enforcement employees whose role involves education, investigation, and when necessary, appropriate enforcement. Be sure to get their business card and credentials before leaving the officer in your home or business.
- IRS revenue agents will sometimes visit a taxpayer who is being audited. That taxpayer would have first been notified by mail about the audit and set an agreed-upon appointment time with the revenue agent. Also, after mailing an initial appointment letter to a taxpayer, an auditor may call to confirm and discuss items pertaining to the scheduled audit appointment. Be sure to get their business card and credentials before leaving the agent in your home or business.
- IRS criminal investigators may visit a taxpayer’s home or place of business unannounced while conducting an investigation. However, these are federal law enforcement agents, and they will not demand any sort of payment. Criminal investigators also carry law enforcement credentials, including a badge.
IRS representatives will always provide their credentials, called a pocket commission and an HSPD-12 card. Taxpayers do have a right to see these credentials. The taxpayer can request additional ID for verification. Also, upon request, the IRS is able to provide a toll-free employee verification phone number.
For more information, visit “How to know it’s really the IRS calling or knocking on your door” on IRS.gov.
The IRS has assigned a small number of accounts to private-sector collection agencies to collect taxes from taxpayers with overdue federal tax accounts. If you do owe taxes—or think you do—stay alert to scams that use the IRS as a lure. Tax scams can happen any time of year, not just at tax time. For more information, visit “Tax Scams and Consumer Alerts” at IRS.gov.
The process used when a taxpayer’s overdue taxes are passed on to one of four collection agencies used by the IRS is as follows:
- The IRS will send the taxpayer a letter to let them know their case is being turned over to a collection agency. The collection agency will also send the taxpayer a letter confirming they have been assigned to the taxpayer’s account.
- The IRS will assign the taxpayer’s account to only one of the collection agencies they use, never all four.
- The collection agency will…
- Identify themselves and request payment to U.S. Treasury
- Not ask for payment on a prepaid debit or gift card
- Not take enforcement action
Taxpayers who receive the IRS phone scam or any IRS impersonation scam should report it to the Treasury Inspector General for Tax Administration at its IRS Impersonation Scam Reporting site and to the IRS by emailing email@example.com with the subjective line “IRS Impersonation Scam.”
Giving to a charity can be very fulfilling. However, taxpayers should be cautious about groups masquerading as charitable organizations to attract donations from unsuspecting contributors.
Some basic tips offered by the IRS for taxpayers making charitable donations:
- Be aware of charities with names that are similar to familiar or nationally known organizations. Some phony charities use names or web sites that sound or look like those of respected, legitimate organizations. IRS.gov has a search feature, Exempt Organizations Select Check, which allows people to find legitimate, qualified charities to which donations may be tax-deductible. A legitimate charity will not be afraid to provide their Employer Identification Numbers (EIN), if requested, which can be used to verify that they are legitimate. It is advisable to double check using a charity’s EIN.
- Don’t give out personal financial information, such as Social Security numbers or passwords, to anyone who solicits a contribution. Scam artists may use this information to steal identities and money from victims. Donors often use credit cards to make donations. Be cautious when disclosing credit card numbers. Confirm that the charity is legitimate.
- Don’t give or send cash. For security and tax record purposes, contribute by check or credit card or another way that provides documentation of the gift.
Popular types of scams when it comes to charities are those following major disasters. It’s common for scam artists to impersonate charities to get money or private information from well-intentioned taxpayers. Some scammers operating fake charities may contact people by telephone or email to solicit money or financial information. They may even directly contact disaster victims and claim to be working for or on behalf of the IRS to help the victims file casualty loss claims and get tax refunds.
To help disaster victims, the IRS encourages taxpayers to donate to recognized charities. Disaster victims can call the IRS toll-free disaster assistance telephone number (866-562-5227). Phone assistors will answer questions about tax relief or disaster-related tax issues.
PROTECT YOUR SMALL BUSINESS
Avoid being compromised on line by following these steps:
- Keep your computer and anti-virus software set to update and run automatically.
- Use different and strong passwords for each online account.
- For your mobile phone, check often for software updates and only install trusted apps.
- Contact your phone provider to add a password or PIN to your accounts.
STRENGTH IN PASSWORDS
Recently there’s been new thinking as to how to create a strong password. The suggestion is to create a passphrase of familiar things to you such as a favorite line from a movie or a series of words familiar to you but something that would be difficult for a hacker to guess. Continue to use different passwords or phrases for each account. Also, implementing multi-factor authentication when possible secures your account even more. If a device comes with a factory-set password, change it immediately. The National Institute of Standards and Technology (NIST) has the following suggestions for creating a better password:
- Use items that have meaning to you but that no one else could guess.
- Passphrases should be words that make sense to you but no one else. Good example: Items in your kitchen such as BlackStoveFlowersTwoSinks. Bad example: Names of your children or pets.
- The key is to use words that you can picture in your head.
Tech Support Calls: A scammer will call you claiming to be from a reputable security or tech company and they tell you they found malware on your computer. Chances are, if you haven’t spoken to a tech company, this is a tech support call scam. The scammer will then offer you a solution to repair the “issue” and may ask for remote access to your computer. What the scammer is attempting to do is gain access of your computer and may install malware or pretend to resolve an issue that never existed in order to charge you a fee. What to do: Look up the phone number for the company the person claims to be calling from and call that company back. NEVER allow remote access to your computer.
College Test Prep Scam: This scam is targeted at parents of high school students preparing for college. The scammer claims to be from The College Board (the organization responsible for the PSAT and SAT tests). They call or email the parents asking for credit card numbers so they can send prep materials that the student requested. The scammer will most times have the student’s name, address and phone number so they seem reputable. If they ask you to wire money or use a reloadable card or gift card, you know it’s a scam. What to do: Search for their name plus “scam” or “complaint” and see what other people’s experience has been. Also, talk to another parent or the student’s guidance counselor before paying. Do some research before giving any information over the phone or through email, i.e., credit card information, bank account information, or password information.
- Phishing: Remember, the IRS will never initiate contact with taxpayers via email about a tax bill or refund. Don’t click on emails or fake web sites claiming to be from the IRS.
- Phone Scams: Criminals impersonating IRS agents remain an ongoing threat to taxpayers. They usually threaten with police arrest.
- Identity Theft: Tax time is the worst time for identity theft, although it can absolutely happen year-round. The IRS aggressively pursues criminals that file fraudulent returns using someone else’s Social Security number. Continue to be extremely cautious when giving out sensitive information. Better safe than sorry!
- Return Preparer Fraud: The majority of tax professionals provide honest high-quality service. However, there are some dishonest preparers who set up shop each filing season to take advantage of taxpayers through refund fraud, identity theft and other scams.
- Fake Charities Beware of groups masquerading as charitable organizations. These groups have names very similar to well-known organizations. Research the organization to know where your money is going. See Fake Charities above for more information.
- Inflated Refund Claims: If a tax preparer promises a huge refund, question it. Avoid preparers who ask taxpayers to sign a blank return and promise a big refund before looking at any records or charge fees based on a percentage of the refund. Fake tax preparers use flyers, advertisements, phony storefronts and word of mouth via community groups where trust is high to find their victims.
- Excessive Claims for Business Credits: Avoid improperly claiming the fuel tax credit. This tax benefit is generally not available to most taxpayers. The credit is usually limited to off-highway business use including use in farming. Also avoid misuse of the research credit. Improper claims often involve failures to participate in or substantiate qualified research activities and satisfy the requirements related to qualified research expenses.
- Falsely Padding Deductions on Returns: Avoid the temptation to falsify deductions or expenses on tax returns in order to pay less than owed or receive larger refunds. Think twice before overstating deductions such as charitable contributions and business expenses or improperly claiming credits such as the Earned Income Tax Credit or Child Tax Credit.
- Falsifying Income to Claim Credits: Don’t invent income to erroneously qualify for tax credits, such as the Earned Income Tax Credit. Taxpayers should file the most accurate return possible because they are legally responsible for what is on their return. Claiming false income can lead to taxpayers facing large bills to pay back taxes, interest and penalties. In some cases, they may even face criminal prosecution.
- Abusive Tax Shelters: Don’t use abusive tax structures to avoid paying taxes. Everyone should be on the lookout for people peddling tax shelters that sound too good to be true.
- Frivolous Tax Arguments: Don’t use frivolous tax arguments to avoid paying tax. Promoters of such schemes encourage taxpayers to make unreasonable and outlandish claims, even though they have been repeatedly thrown out of court. The penalty for filing a frivolous tax return is $5,000.
- Offshore Tax Avoidance: It’s never a good idea to hide money and income offshore. Taxpayers are best served by coming in voluntarily and taking care of their tax-filing responsibilities. The IRS offers the Offshore Voluntary Disclosure Program to enable people to catch up on their filing and tax obligations.
- W-2 Phishing: The scammer poses as an internal executive requesting employee Forms W-2 and Social Security Number information from company payroll or human resources departments. The personal information is then used for identity theft and to file false tax returns.
COMMON SCAMS AS REPORTED BY THE CREDIT BUREAU
- “Can You Hear Me Now” and “Yes” calls: The scammer calls you hoping to get the person on the other end of the line to say “yes” and then will use the recorded “yes” to obtain a voice signature to authorize charges over the phone. If you do not recognize the person’s voice, you might want to say something like “This is Jane.” If you suspect the person is a scammer, do not respond. Hang up the phone. On the other hand, if you are the caller, it might be best to identify yourself before asking who you are speaking to, i.e., “Hello, this is Jane. Is this Paul?”
- Car Scams: The scammer targets those looking to purchase a car. The scammer posts a picture of a car on line and gives logical reasons why the price is so low (i.e., they are being deployed in the next several days or they are starting college very soon, etc.). The seller will then ask the prospective buyer to purchase prepaid gift cards in the amount of the sale and share the prepaid codes. The buyer is then told the car will be delivered but obviously the car, since an imposter, does not arrive and the buyer doesn’t hear back from the seller and has lost that money. Remember, if the price is too good to be true, don’t fall for it.
- Fake Bank Apps: Large banks have scammers posing as them who send emails stating they need information from the recipient and ask the recipient to click on a link within the email. Do not click on the link. If you suspect it may truly be from your bank, close the email and go to your bank’s web site to see if this information is needed. Never click on links in suspicious emails. This is all an attempt to collect sensitive information.
- Home Improvement Scams: As the weather gets nicer, home improvement scams begin. Some scammers go door-to-door offering their services, take a deposit and then never complete the work. If you are unsure of the legitimacy of the salesman and are interested in their services, ask for a card and tell them you will get back to them. Do some research on the company by going to the Better Business Bureau web site (bbb.org). Another prime time for these types of scams is after a natural disaster (flooding, hurricanes, tornadoes, etc.)
- Jury Duty Scams: Scammers posing as a police or judicial official call the victim and tell them they did not report to jury duty and therefore owe a fine. The scammers go as far as spoofing the number from which they are calling to make the victim believe it’s a real call.
- Medicare Card Scam: The Federal Government was forced to mail out new Medicare cards with a new 11-digit number. This was due to the fact the senior’s social security number was used for their card number. This was done in an attempt to secure the seniors’ identity. Scammers are calling elderly people and trying to trick them by asking their 11-digit ID number so the scammer can steal their identity. The average elder financial abuse victim’s loss was $36,000.
- Netflix Scam: Scammers have taken to targeting Netflix. They will send a phishing email to subscribers with the subject line stating “payment declined” to get the victim’s attention. They include a fake link in the email asking you to update your information. If you suspect your information may need to be updated, type the Netflix address in the browser instead of clicking on the link.
- Porting Scams: This scam involves stealing your phone number and phone service to get access to your bank account through confirmation text messages. The scammer begins by obtaining your name, phone number and then they gather more information on you such as address, social security number and date of birth. They then contact your mobile carrier and state that your phone has been stolen and ask to “port” the number over to another provider and device. After your phone has been ported to a new device, the scammer can then start accessing your accounts that require additional authorization, such as coded text to your phone.
- Romance Scams: The scammer sets up an account on a dating site with fake information and photos that are too good to be true. Once a target has been zeroed in on, the scammer makes up a story that they would like to visit you but there is a problem with finances and ask if the victim can send money so they can finally meet (another tactic is the scammer will tell the victim they have a sick relative and are in need of money to help them). Seniors are usually the primary target for this scam. Signs that the person you are talking to online is a scammer: They ask you for money and try to lure you off the dating site; they profess love quickly and claim to be from the US but currently are overseas for business/military; they claim to need money for an emergency—hospital bills or travel; plans to visit but can’t because of emergency.
- Shimmer Scams: A shimmer is a very thin piece of paper that can read chips in credit cards and debit cards. The sheet of paper is placed in an ATM and it will read information on the card used. This allows the scammer to create a non-chip version card which contains only the magnetic strip.
- Veterans scams: Scammers offer pension buyouts to veterans or ask them to donate to a charity that sounds real but isn’t real. The scammers can also take the donor’s personal information to create a new identity or even commit more crimes under the veteran’s name.
- Publishers Clearing House Scam: The scammer calls or sends a letter saying the recipient is the winner, but in order to collect the prize the recipient has to send money to pay taxes and fees. The scammer asks the recipient to send payment via Western Union, MoneyGram or a reloadable card or gift card because this form of payment is almost impossible to trace. The real Publishers Clearing House says they will never ask a person to pay a fee to collect a prize.
- Fake Invoice Scam: Scammers have recycled an old phishing scam. They pretend they are a well-known tech company and email a fake invoice to the victim for a supposed purchase of an app or music. The email tells the victim to click on a link within the email. If you haven’t made any such purchase …STOP! DO NOT CLICK ON THE LINK. The scammer is trying to commit identity theft or they may be trying to gain access to your computer and can even lock you out of important files on your computer.
- “Neighbor Spoofing” Scam: When you receive a phone call that has the first 6 digits the same as your number, it can lead you to believe it’s a local call. Scammers are counting on you believing it’s local and therefore you are more likely to pick up. These days it’s very easy to fake caller ID numbers. Remember, if you see what appears to be a local number on your caller ID, it could be fake. If you answer and don’t recognize the caller, hang up.
RECAP ON SECURITY
For families with children and aging parents, it’s important to make sure everyone guards their personal information online and at home.
If everyone in your family uses the same computer, do not turn off any security software or open any suspicious emails. Never click on embedded links or download attachments of emails from unknown sources. Actions by one computer user could infect the machine for all users.
Do not store credit card information on any web site (Amazon, EBay, etc.). Kids & aging parents should be warned against oversharing personal information on social media. Oversharing addresses, a new family car or a parent’s new job gives identity thieves a window into an extra bit of information they need to impersonate you.
Don’t assume ads or emails are from reputable companies. Check out companies to find out if they are legitimate. When you’re online, a little research can save you a lot of money and reduce your security risk. If you see an ad or an offer that looks too good, take a moment to check out the company behind it. Type the company or product name into your favorite search engine with terms like “review,” “complaint” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you cannot find contact information for the company, take your business and your financial information elsewhere. Even if a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.
Aging parents may also need assistance for someone to routinely review charges to their credit cards or withdrawals from their financial accounts. Unused credit cards should be canceled. An annual review should be made of their credit reports at annualcreditreport.com to ensure no new accounts are being opened by thieves, and reviewing the Social Security Administration account to ensure no excessive income is accruing to their account.
Seniors also are especially vulnerable to scam calls and pressure from fraudsters posing as legitimate organizations, including the Internal Revenue Service, and demanding payment for debts not owed. The IRS will never make threats of lawsuit or jail or demand that a certain payment method, such as a debit card, be made.
Some simple steps—and a conversation—can help the young and old avoid identity theft schemes and scammers.
Here are a few basic tips to recognize and avoid a phishing email:
- It contains a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. They may claim they need you to update your account or ask you to change a password. The email offers a link to a spoofing site that may look similar to the legitimate official web site. Do not click on the link. If in doubt, go directly to the legitimate web site and access your account.
- It contains an attachment. Another option for scammers is to include an attachment to the email. This attachment may be infected with malware that can download malicious software onto your computer without your knowledge. If it’s spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data. Do not open attachments from sources unknown to you.
- It’s from a government agency. Scammers attempt to frighten people into opening email links by posing as government agencies. Thieves often try to imitate the IRS and other government agencies.
- It’s an “off” email from a friend. Scammers also hack email accounts and try to leverage the stolen email addresses. You may receive an email from a “friend” that just doesn’t seem right. It may be missing a subject for the subject line or contain odd requests or language. If it seems off, avoid it and do not click on any links. You may want to call your friend and see if they sent you an email.
- It has a lookalike or identical URL. Some emails from friends look questionable. Look at the address. If the address looks similar or identical, place your cursor over their address and see if it’s the same address as your friend. If not, delete immediately. If the address matches your friend’s email address but the email has a link to click on and sounds “off,” call your friend to be sure they sent the email. If not, delete immediately. Most likely the email contains malware.
- Use security features. Your browser and email provider generally will have anti-spam and phishing features. Make sure you use all of your security software features.
Here are a few simple steps you can take to protect yourself:
- Avoid suspicious phishing emails that appear to be from the IRS or other companies; do not click on the links—go directly to their web sites instead.
- Beware of phishing scams asking you to update or verify your accounts.
- “Strange” emails. Sometimes you will receive an email with an attachment from someone you know and it may sound “strange,” like something they wouldn’t send. The email address attached to the email may be their actual email address but if you are not 100% sure the sender would send such an email, call the person to be sure they sent you the email. If they tell you they haven’t sent you an email, delete the email; it is most likely malware and could infect your computer.
- Download and install software only from web sites you know and trust.
- Use security software to block pop-up ads, which can contain viruses. Avoid “free” security scans or pop-up advertisements for security software.
- Ensure your family understands safe online and computer habits.
- Look for the “S”. When shopping or banking online, always look to see that the site uses encryption to protect your information. Look for “https” at the beginning of the web address. The “s” is for secure. Unencrypted sites begin with an http address. Additionally, make sure the https carries through on all pages, not just the sign-on page.
- Secure Wireless Networks. A wireless network sends a signal through the air that allows it to connect to the Internet. If your home or business Wi-Fi is unsecured, it also allows any computer within range to access your wireless and potentially steal information from your computer. Criminals also can use your wireless to send spam or commit crimes that would be traced back to your account. Always encrypt your wireless. Generally, you must turn on this feature and create a password.
- Be cautious when using public wireless networks. Public Wi-Fi hotspots are convenient but often not secure. Tax or Financial Information you send through web sites or mobile apps may be accessed by someone else. If a public Wi-Fi hotspot does not require a password, it probably is not secure. Remember, if you are transmitting sensitive information, look for the “s” in https in the web site address to ensure that the information will be secure.
- Change passwords frequently. Although in the past we’ve been told to use a combination of upper case letters, lower case letters, numbers and symbols, the new suggestion is to create a passphrase you can remember, such as a line from a movie or a series of words—the longer the better; for example, CrookedPictureGreenSoap.
Here are a few basic steps to making passwords better and stronger:
- Add password protections to all devices. You should use a password to protect any device that gives you that opportunity. Not only your computer, tablet or mobile phone but also your wireless network. The password is your first line of defense.
- Change all factory password settings. If your device comes with factory password settings, for example the camera on your laptop, change it immediately.
- Longer is better. A password should be a minimum of 10 but longer is better. It should be a combination of upper case and lower case letters, numbers and special characters. Do not use your name, birthdate, sibling’s, pet’s or child’s names. Also, substituting numbers and symbols for letters in words or phrases can make it more difficult for a criminal to crack your password.
- Do not repeat passwords. These days, people often have multiple password-protected accounts. Do not use the same password repeatedly. Should a thief steal your password, he immediately will have access to other important accounts. Use different passwords, especially on important financial or tax accounts.
- Don’t share passwords. Never share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam. Keep your passwords in a secure place, out of plain sight.
- Use two-factor authentication options. Many social media and financial institutions now give you the option of setting up a two-factor or two-step authentication process. A two-factor process involves a security code being sent to your registered mobile phone or personal email. This means if a thief manages to steal your user name and password, he will be blocked from accessing your accounts.
- Consider a password manager. One option for keeping track of your passwords on multiple accounts and getting help in creating strong passwords is to use a password manager. Some reputable companies offer free or low-cost versions of their products. See if a password manager might be right for you.
Here are steps you can make part of your routine to protect your personal identity tax and financial information:
- Read your credit card and banking statements carefully and often; watch for even the smallest charge that appears suspicious. (Neither your credit card nor bank—or the IRS—will send you emails asking for sensitive personal and financial information such as asking you to update your account.)
- Review all paper notices and correspondence from the Internal Revenue Service, Department of Revenue, or any other government agency. As long as the notice is official you may need to respond. You might want to seek advice from a tax professional before responding to any income tax notices. Warning signs of tax-related identity theft can include IRS notices about tax returns you did not file, income you did not receive or employers you’ve never heard of or where you’ve never worked.
- Review each of your three credit reports at least once a year. Visit annualcreditreport.com to get your free reports.
- Review your annual Social Security income statement for excessive income reported. You can sign up for an electronic account at SSA.gov.
- Read your health insurance statements; look for claims you never received.
- Shred any documents with personal and financial information. Never toss documents with your personally identifiable information, especially your social security number, in the trash or recycle bin.
- If you receive any routine federal deposit such as Social Security Administrator or Department of Veterans Affairs benefits, you probably receive those deposits electronically. You can use the same direct deposit process for your federal and state tax refund. IRS direct deposit is safe and secure and places your tax refund directly into the financial account of your choice.
- Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update. Encrypt sensitive files such as tax records you store on your computer. Use strong passwords.
- Learn to recognize and avoid phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as your bank, credit card company and government organizations, including the IRS. Do not click on links or download attachments from unknown or suspicious emails.
- Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure. Treat your personal information like you do your cash; don’t leave it lying around.
- Do not give a business your SSN or ITIN just because they ask. Give it only when required.
- Do not give personal information over the phone, through the mail or on the internet unless you have initiated the contact or you are sure you know with whom you are dealing.
- Secure personal information in your home.
- Whether stored on paper or kept electronically, the IRS urges taxpayers to keep tax records safe and secure, especially any documents bearing Social Security numbers. The IRS also suggests scanning paper tax and financial records into a format that can be encrypted and stored securely on a flash drive, CD or DVD with photos or videos of valuables.
- Now is a good time to set up a system to keep tax records safe and easy to find when filing next year, applying for a home loan or financial aid. Tax records must support the income, deductions and credits claimed on returns. Taxpayers need to keep these records if the IRS asks questions about a tax return or to file an amended return.
- It is even more important for taxpayers to have a copy of last year’s tax return as the IRS makes changes to authenticate and protect taxpayer identity. Beginning in 2017, some taxpayers who e-file will need to enter either the prior-year Adjusted Gross Income or the prior-year self-select PIN and date of birth. If filing jointly, both taxpayers’ identities must be authenticated with this information. The AGI is clearly labeled on the tax return.
- If disposing of an old computer, tablet, mobile phone or back-up hard drive, keep in mind it includes files and personal data. Removing this information may require special disk utility software. More information is available on IRS.gov at How long should I keep records?
If you suspect you are a victim of identity theft, please go to “Identity Theft” on our website’s “Security Awareness” section.