Every year the IRS holds a National Tax Security Awareness week together with the national tax industry, and state tax agencies. The main goal of this event is to warn taxpayers, accountants, bookkeepers, and other people about possible threats, data leaks, and how to prevent them. Though the IRS spends a large amount of money on data protection from hacker attacks, phishers are trying to get information from people that are not aware of how to protect themselves against data thefts.
In this article, we’ll highlight the ways thieves act, what to do if you suffered from an IRS ID theft, and how to prevent being assaulted by hackers.
Data security basics for the tax season 2021.
Here Statista shows the number of information leaks and disclosed cases in this infographic:
Before we get to the main points, here is some basic important information for those who are somehow involved in the 2021 tax filing season:
- Update your security software and scan your device for viruses and potential threats from time to time. If you don’t have any security software, consider installing it.
- Before purchasing software, double-check if it can protect your device from malware and won’t let any intruders into your system.
- DON’T click any links in emails or download any files if you don’t know whom the email is from. Scammers often disguise themselves as different people or company representatives.
- Use only unique passwords that you can remember. If you find it hard to make it up, refer to password creators or managers.
- Apply multi-factor authentication everywhere you can. At least two-factor authentication will benefit you as a two-step protection for your online account. Most likely if someone tries to get access to one of your accounts, you’ll get notified and will be able to act on time.
- Pay attention to the links of the websites in your browser. Before you enter any data on a website, make sure the link starts with https where s means that your transfer protocol is secure.
- Don’t make any purchases or enter any data anywhere while connected to a public Wi-fi.
- Make a copy of the necessary data and keep it elsewhere.
This is the bare minimum you have to know and can do, to lower the chance of data theft.
Since you already know the basics of how to protect your data from being stolen, let’s move on to more specific data theft cases.
The main scammers’ goal here is to receive a tax refund in your name. What is tax-related identity theft? It’s basically when hackers take over your personal information together with your Social Security Number (SSN), and file an income tax return instead of you.
How to recognize identity theft?
You may not suspect anything, but here are the red flags to pay attention to:
- The IRS informs you about a tax return that you didn’t file
- You experience issues when e-filing taxes and the system says that the same Social Security Number (SSN) already exists
- You get suspicious emails that you didn’t request or expect
- You suddenly get a message from IRS about creating an account in your name even though you didn’t
- You get updates about your current account сhanges or the account gets disabled despite you not doing anything like that
- You receive tax collection notifications from IRS and you haven’t filed anything yet
- The IRS informs you that you received money from a source unknown to you.
If you noticed something like this, please read the information below and it will help you decide on the next steps.
What to do if you’ve become a victim of tax-related identity theft
First of all, try to figure out exactly what personal information was stolen. It could be credit card credentials or your SSN. If you noticed some suspicious activity from your online accounts, try to terminate all active sessions on all devices and change the password ASAP.
After that, report the loss of data to the department that is responsible for storing it and stay tuned to the measures that the department takes to recover your data.
If you lost your credit card number, you can call your bank and freeze the account to stop scammers from receiving money.
In case you receive a warning from IRS that you may’ve become a tax-related identity theft victim, you should:
- File a Form 14039, Identity Theft Affidavit (a document that proves that your personal information was used to create a duplicate identity or a fraudulent account)
- Continue with your normal tax filing process
- When filing your taxes, attach the form 14039, and wait for the IRS response.
- If you feel like you need more instructions, go to the www.identitytheft.gov website.
Of course, we wish you to never become a scammer’s victim, but find it important to tell you what you can do in case it ever happens.
Now let’s talk about the ways cybercriminals can obtain personal data. You might be surprised to learn that in most cases people give their personal information to scammers themselves. You already know that you shouldn’t enter your personal data anywhere on websites that are not secure, and most likely avoid public Wi-Fi networks. But have you ever heard about phishing emails? Do you know how to recognize them?
In 2019 the FBI reported that scammers stole $57 million from people via phishing. Scammers always disguise themselves as someone you may know. It can even be the IRS, your bank, tax software, tax agency, or a service provider where you buy subscriptions, order food, or clothes, etc.
How to recognize a phishing email?
At first sight, there probably won’t be anything suspicious about the email. Just look at the example below.
Looks like it’s an email from the Netflix team and they ask to update your payment information. But before clicking any links, just look through the whole message once again. “Hi Customer” looks too impersonal, why would they ask you to update your payment method right away instead of visiting the website and logging in to your account? What is also important, check the sender’s email. It has nothing to do with Netflix at all.
Most likely, after following the link you’ll see a website that will look like a Netflix one, it will ask for your login and password information, you enter it and here we go, your data falls into the possession of a fraudster.
Often such emails are composed with a tone of urgency. They push you to click a button or link immediately without letting you think for a while or else you’ll probably recognize the scam.
W-2 data theft
This is a kind of phishing email when someone in a company who does W-2s (wage and tax statement) receives an email from “authorities” with an urgent request to send, for example, reports for the last year or any other period of time. If the scammers receive this information it’s a threat to all employees of the company. Please, remind your employees of the safety rules before each tax season.
How to act if you receive a suspicious email
First, try to understand if you really have anything to do with the organization on whose behalf you received the email. If so, open a new tab in your browser, go to the official website, log in to your account and check if there is any information regarding what you received in the email. If not, contact the support and ask if they sent this email to you or not.
Note that contacting support is also important because you need to notify the company so that it will take action as well and warn users that they may receive scam emails. You may also want to report the phishing attempt to ReportFraud.ftc.gov.
IRS scam phone calls
If you file taxes and have a phone, you might one day receive a call from people who introduce themselves as IRS representatives. Note that the real IRS will never ask you to pay for anything right away during a phone call, via credit, prepaid debit card, gift card, or any other payment method. If the caller tries to threaten you with arrest, deportation, or fine collection, it is 100% a scam.
If you think that the person who calls you is acting suspiciously and emotionally pressuring you while demanding payment, just go to the IRS.gov website and check your tax account online to see if you really do have any debt. Or just call the IRS using the phone number from an official website to verify any claims.
If you find out that the person who called you was a scammer, you can send an email to [email protected] with the subject line: IRS Phone Scam.
Scammers play on emotions, they want you to be scared and will push you to take immediate actions. Please, do not fall for threats and manipulation.
Tax security checklist
Over the years that the Security Summit has existed, the IRS, tax agencies, and partners of the summit created a checklist for taxpayers and tax professionals to refer to before every tax season. This checklist and general awareness of the world of cybercrime will help protect your accounts from being hacked.
So what’s the checklist about? First, “Security six” measures, then, creating a security plan for your data, learning more about email phishing, how to recognize data theft, and a plan on how to recover your data in case it is stolen.
This checklist is published on the official IRS website where you can see a more detailed version.
In the modern world, you need to constantly be aware of how fraudsters operate and protect yourself from them. Luckily there are measures you can take today to not be hacked tomorrow. Be sure to follow the security measures and checklist before every tax season and to stay safe.