MORRIS: Identity theft and your role in protecting your data



By Kyra Morris, contributing editor  |  The Federal Trade Commission (FTC) is the U.S. government’s central repository for identity (ID) theft complaints and provides victim assistance and consumer education.  In 2014, one billion records – Social Security numbers, credit card numbers, health records, and private photos — were taken.   Forty percent of all identity thefts are tax- or wage-related.

In 2015, the IRS “Get Transcript” data breach involved potentially 724,000 compromised accounts.  The thieves were able to transcend a multi-step authentication process that required prior personal knowledge about the taxpayers.  There was also an additional step where several personal identity verification questions typically only known by the taxpayer were correctly answered.

The data breaches and computer thefts are in every sector and are increasingly creative. For example, CEO e-mail is a new scheme that claimed several victims. It involved purported emails from company executives to human resource or payroll personnel requesting personal information on employees.  These were false requests and simply another clever way to obtain information.

How is it being addressed?

The IRS was able to identify and prevent 20 million confirmed identity theft returns from 2011 through September 2015.  The prevention of these suspicious returns protected over $70 billion in fraudulent refunds.  Data models were targeted and a variety of filters determined potentially fraudulent returns.

16_morrisThe IRS has put some other measures in place also.  Direct deposits are now limited to a single account or prepaid card.  Deceased taxpayers’ accounts are locked.  Often even legitimate refunds are held up for months due to a suspicious filing.  As of 2017, all w-2s and 1099s are due to the IRS by January 31.  This gets the actual wage data to the IRS sooner to prohibit fraudulent wage returns being filed.

In 2016, a Security Summit took place with 40 states and 21 tax industry members.  They agreed to align and create information-sharing tools, a stronger cybersecurity framework, along with additional work groups.  A 16-digit verification code on W-2s will be tested and software password requirements for professional products will be upgraded.  A new awareness campaign for all consumers was implemented.

The Law Enforcement Assistance Program was created as a joint effort between the IRS and local law enforcement officers to assist the local law enforcement officers investigating identity theft tax schemes within their jurisdictions.  More than 1,000 state/local law enforcement agencies have participated in this program and over 12,700 requests have been received to date.  Criminals are prosecuted.  The IRS had 1,063 ID theft-related investigations.  This resulted in 748 sentencings with the average sentence of 43 months.

Your role

Consumers must be vigilant.  You must safeguard your data.  Here is a checklist from the FTC website

  • Protect what you have
    • Minimize personal information in wallets or on smartphones
    • Keep personal information secure – locked
  • Be careful what you share
    • Don’t give info unless you know who is asking and why
    • Don’t click on links sent in unsolicited emails
  • Monitor
    • Review mail and financial statements – daily is not too often
    • Get your annual credit report
  • Email
    • Only use secure email techniques to send confidential data –
    • Black out the confidential personal information and account numbers
  • Passwords
    • Longer is better using alphanumeric symbols and special characters like ! $ or *
    • Change passwords often and do not use the same one for everything
  • Dispose properly
    • SHRED documents

Your tax returns

Try to mail your tax returns as early in the season as possible.  If paper-mailing your return, do not put it in outgoing mail.  Take the return directly to the post office.  If filing it electronically, use a secure network.  Your professional tax preparer’s software should be secure, but many public internet applications for electronically filing may not be.  Also, store your returns securely and shred drafts.

IRS imposter scams

Scammers are posing as the IRS.  They call to say you owe taxes.  They may know all or part of your social security number, send follow-up emails, have a fake caller-id, and threaten to arrest you if payment is not immediate.  Here are some basics regarding the IRS:

  • The IRS will not ask to be paid by wire transfer or prepaid card
  • The IRS will not threaten arrest or other punishments over the phone
  • The IRS will not send you emails
  • If the IRS needs to contact you, it will first do it by mail

What victims should do

Report identity theft to the FTC at and get a recovery plan.  Then you should close any financial or credit accounts that were opened fraudulently, and also contact one of the major credit bureaus to place a fraud alert on your records.  Consider placing a credit freeze on your accounts.

We must all work together even though at times the discipline is inconvenient.  Your identity is precious.


Comments are closed.