Each year, about half of U.S. taxpayers rely on a tax preparer and a tax preparation service to help them file their required tax returns. These professionals offer a wide array of options, from a very simple franchise that plugs in the numbers on the consumer’s behalf to certified public accountants that know the ins and outs of the entire U.S. tax code. From accounting firms to walk-in services like H&R Block, TurboTax/Intuit, Credit Karma or Jackson Hewitt, these tax preparation services often have one major similarity: they are a hot target for hackers and identity thieves.

Trusting an outsider with highly-sensitive personal data is not something that people should take lightly. Having a professional take responsibility for the paperwork, helping to navigate the annual changes to tax laws and even assisting in the event of an IRS audit are all reason enough to pay someone to take care of the filing. However, the sheer volume of personally identifiable information (PII) that a tax preparer must collect and store means there are literal treasure troves of identities waiting to be compromised by a malicious actor.

There are plenty of ways that stolen PII from a tax preparation service can benefit a hacker. First, accessing a stolen return not only means the hacker can file the return for themselves and steal any refunds the consumer was expecting, it also means having the ability to file a fraudulent return every year. Hackers can cause even more harm with information gleaned from a tax preparer’s computer; credential stuffing is another major concern, as the complete information they might steal can be used to access the victim’s other accounts.

There are some important steps that consumers can take to protect themselves when using a tax preparation service. First, people should only choose a professional tax preparer who has a valid IRS Preparer Tax Identification Number (PTIN), but also understand that there are many different services, ability-levels and offerings that a professional can provide. It is also important for a consumer to find out what the preparer’s credentials are—such as having an accounting degree or being a member of a professional organization—before signing on to work with them. Consumers should not hesitate to ask what information the preparer will be able to access, how that information will be stored and for how long, who will be able to access that information and other related questions. There have been many situations where tax preparation services and professionals have been the target of malicious actors and understanding how they are going to safeguard information is just as important as their capabilities.

More guidelines from the IRS are available, but consumers are also cautioned to begin using a nine to ten character passphrase in place of the traditional eight-character password. A passphrase is longer and easier to remember, which makes it both harder for fraudsters to guess and more likely that consumers will deploy a different passphrase for each account.

If someone falls victim to identity theft from a data breach, they can live-chat with an Identity Theft Resource Center expert advisor through the organization’s website, as well as call toll-free at 888.400.5530 for an action plan that is customized to their needs. The free ID Theft Help App for iOS and Android also provides a number of resources for consumers to use in the event of a data breach or suspected identity theft.


You might also like…

Stalker Data Breach Leads to Sale of Users’ Credentials

Non-Traditional Data Compromises Make Up the Latest Week of Breaches

Mystery Shopper Scams Surface During COVID-19

Free credit reports are now available to access every week to help minimize the long-term economic impacts of COVID-19. The continuing crisis surrounding the virus has affected people’s lives in many ways. However, fear of the economic impact is also at the top of many people’s minds. Across the U.S., more than 40 million people have filed for unemployment benefits since the first wave of the coronavirus closures and many business owners have had to shut their doors. Some employees wonder if their jobs will be waiting for them and business owners question whether they will be able to reopen once it is safe to do so.

Fortunately, there is some good news for consumers who are concerned about their financial security. The three major credit reporting agencies are offering free credit reports every week through April 2021.

While the economic impacts can be far-reaching, there are other harmful effects as well. Data breaches continue to happen. At least six states who have established public-facing websites for filing unemployment claims have exposed tens of thousands of users’ identity credentials online. There have already been reports of scammers targeting those seeking assistance with phishing attempts.

Consumers have been entitled to a free copy of their credit reports, up to one copy per year from each of the three major credit reporting agencies—TransUnion, Equifax and Experian. Those reports are readily available from AnnualCreditReport.com and are easy to download. However, requesting further reports after the initial free request (in a twelve-month period) could incur a fee. Now, consumers will be able to access each of their free credit reports every week through next spring with no additional cost.

For consumers, checking and understanding their credit report is vital in order to maintain some control over their financial health. It gives them a clearer picture of their current debt and spending potential, as well as help uncover whether or not malicious actors have been using their identities. Any fraudulent charges, purchases and lines of credit would appear on the credit report, making it helpful for monitoring one’s identity. To request a free credit report, users need to visit AnnualCreditReport.com and enter their information. The report will be available for download almost immediately. For more information on how to request a report and why it is a useful tool, click here. If there are any signs of suspicious activity on the report—such as purchases, new credit cards or too many inquiries from lenders—consumers can contact the Identity Theft Resource Center via live-chat or toll-free at 888.400.5530.


You might also like…

DARK WEB DATA BREACH LEADS TO THIEVES STEALING FROM THIEVES

AERIES DATA BREACH AFFECTS SCHOOL DISTRICTS ACROSS CALIFORNIA

PURPORTED LIVEJOURNAL DATA BREACH LEADS TO 26 MILLION USER RECORDS BEING STOLEN

Some consumers have yet to receive their stimulus check, leaving many wondering why. The Identity Theft Resource Center has seen a sharp increase in “stolen stimulus check” cases. However, not everyone who believes they had their stimulus check stolen finds that to be the case. In fact, there are a handful of reasons why people could still be waiting. With that said, some are legitimately stolen.

The FTC reports that some stolen stimulus checks appear to be from nursing home residents. Nursing homes in several states have made residents sign over their stimulus checks. Other cases involve people committing physical mail theft, like this New York man who stole over $12,000 worth of stimulus checks. Some thieves are going as far as stealing stimulus checks from postal trucks. The Chicago metro saw multiple postal trucks get broken into in April.

No matter how stimulus checks are being stolen, it can be a headache for consumers and something law enforcement is working to stop. If someone believes they are the victim of a stolen stimulus check, they should report it to the Federal Trade Commission (FTC) and the IRS.

  • Victims of a stolen stimulus check can go to IDTheft.gov and click “Get Started”
  • On the next page, which is titled “Which statement best describes our situation,” victims should click the line that says “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”
  • After the victim answers the questions provided, the page will complete an IRS Identity Theft Affidavit for the victim to submit electronically to the IRS, which can also be downloaded for file keeping
  • The website will provide the victim with a recovery plan to follow that includes steps to prevent identity theft
  • The IRS and their “Get My Payment” tool is a way for consumers to learn the status of their payment, including where it was sent. For more information, consumers can visit the IRS’s Economic Impact Payment Information Center and Get My Payment Frequently Asked Questions pages for detailed, and frequently-updated, answers to questions. They also can find information here about payments that the IRS may have deposited to an account that is not recognized.

It is important for consumers to remember that the IRS will never call, email, text or reach out via social media to anyone about a stolen stimulus check or to receive a stimulus check. If someone does, it is probably a phishing scam looking to steal personal information and should be reported to the proper agency.

If someone had their stimulus check stolen, or had another form of government identity theft,  they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. ITRC advisors will walk victims through the process and tell them where they need to go, who they need to talk to, what they need to say and what they need to do.


You might also like…

Contact Tracing Scams Ramp Up as New Technology Evolves Amid COVID-19 Pandemic

Possible Nigerian Fraud Ring to Blame for Unemployment Identity Theft Attack

Five State Unemployment Department Data Exposures Uncover System Flaws

The IRS has started distributing stimulus check payments to the nearly 140 million Americans that are eligible. While many have received their stimulus payment through direct deposit, according to CNN, 60 million Americans are still waiting for their money.

The IRS created a portal in hopes that people would be able to check the status of their stimulus check payment. However, due to overload and glitches being worked out, the website has not worked for everyone.

One reason why people might not have received their stimulus check payment is because they are victims of tax identity theft. However, there are many other reasons why people might not have received their payment that they should explore first:

1. People who are not normally required to file a tax return. Individuals who make less than $12,200 a year (or less than $24,400 for married couples) are generally not required to file a tax return. For the process of receiving a stimulus check payment, these people have to enter their information into a new IRS portal to get their money.

2. Someone’s refund went to a temporary account that was set up by a tax preparer. According to a report by WALA-TV, when people use tax preparation services, sometimes a temporary account is set up to handle the transactions, which could lead to a longer wait for a stimulus check payment.

3. Not everyone got a federal tax refund in 2018 or 2019. Some consumers did not get a refund after their last two tax filings. In fact, if someone owed taxes the last two years, they could still qualify for the stimulus. Only consumers who received a refund from the IRS to a direct deposit account will be processed for stimulus direct payment.

4. Some people’s refunds might have gone to an old bank account. This could happen if someone filed their 2018 tax return with bank account formation that is no longer valid and has yet to file a 2019 tax return. For people who have not filed their 2019 tax returns, the IRS is using information from their 2018 tax refunds.

5. Some people might have filed a paper return in 2019. People who filed their taxes with paper returns will mostly receive their stimulus check by mail because the IRS has stopped processing paper returns until they can reopen their centers.

6. It has been seized by a private debt collector. If someone owes money for private student loans, credit cards or medical bills, their stimulus check could be at risk. The CARES Act does not restrict private debt collectors from taking the check to pay off debt.

7. If there is anyone who does not fall under any of the categories listed above, they could be a victim of tax identity theft. The Identity Theft Resource Center (ITRC) is receiving calls and live chats from victims claiming their stimulus checks were intercepted. According to the Treasury Inspector General for Tax Administration, the agency has already begun to see scammers pose as the IRS to get personal information from payment receipts they can use to steal money. While the IRS Criminal Investigation Unit is doing what they can to combat the problem, they have seen scams that are preying on vulnerable individuals who are not sure how they will get their stimulus check payment.

To avoid falling victim to tax identity theft due to the stimulus check, consumers are urged to not respond to any messages they receive that they are not expecting. Instead, they should contact the company, organization, or entity directly to verify the validity of the message. Also, it is important for people to stay informed about what is happening. The IRS will not contact anyone asking for personal information. If someone receives a phone call, email or text message claiming to be the IRS, it is probably a scam.

If anyone thinks their stimulus check landed in the hands of a thief, they can visit IdentityTheft.gov to get started on a personal recovery plan.

If someone believes they are a victim of tax identity theft, they can live chat with an ITRC expert advisor. They can also call toll-free at 888.400.5530. Callers are encouraged to leave a message due to advisors working remotely. However, they will return calls as quickly as they can.


You might also like…

CHOOSE STRONG SECURITY QUESTIONS/ANSWERS FOR ONLINE ACCOUNTS

“ZOOM-BOMBING” LEADS TO MORE ONLINE CHILD PRIVACY CONCERNS

FINANCIAL DATABASE LEAK LEADS TO OVER 500,000 DOCUMENTS EXPOSED ONLINE

The Treasury Department and the IRS continue towards getting consumers their stimulus checks due to the COVID-19 pandemic. With the distribution of stimulus checks underway, non-filers are now able to get their stimulus payments sooner thanks in part to an online tool that was created to help consumers that aren’t required to file tax returns. However, it is important non-filers know the proper steps to take to protect their personal data and information so they don’t fall for a stimulus check scam.

First, non-filers should go directly to the IRS website, IRS.gov. Always start at the most trusted source.

Second, non-filers should click the tab that says “Non-Filers: Enter Payment Info Here.” If consumers do not see this tab on the front page, they are not on the right page.

Image of irs.gov

Consumers should proceed to click on the “Non-Filers” tab. Once they click on the tab, it should take them to a page that has information on the “Economic Impact Payment” and additional information on what consumers need to provide and what they should expect. The next step is to, once again, click on the tab titled “Non-Filers: Enter Payment Info Here” that can be found in the middle of the page.

Image of irs.gov

Once the tab is clicked on, visitors will be redirected to freefilefillableforms.com. The redirect could feel like a scam. However, if the homepage looks like the one below, consumers are at the right place. (The ITRC has verified that this is a valid redirect)

Image of freefilefillableforms.com

From there all people have to do is hit “Get Started” to begin. Once a profile is created, non-filers will be asked for personal information like their Social Security number, address, dependents and direct deposit information. In this case, it is okay for consumers to provide sensitive information.

However, if anyone receives emails, text messages or phone calls about non-filers filing for a stimulus check, they should ignore it because it is probably a stimulus check scam. People should be going directly to the source, in this case, the IRS, to complete the process.

Since the stimulus package was merely a thought, scammers have increased their efforts around stimulus check scams. It is important for people to never give out personal information over the phone or to anyone they do not know personally. Also, it is important to know the facts. The IRS will not call anyone.

If people have questions regarding non-filers or stimulus check scams, they can live chat with an expert ITRC advisor. For those that cannot access the website, they can call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


You might also be interested in…

*Last updated June 23, 2020

Right now is a very difficult time for a lot of individuals as concerns around the COVID-19 pandemic continue to be at the top of people’s minds. In addition to the inconvenience of social distancing and isolation and the very real fears for personal health and safety, many people are also facing the stress of reduced hours at work, being furloughed or losing their jobs due to quarantine, and business closures.

There is another equally upsetting issue at hand: unemployment benefits identity theft. A record-setting *36 million people in the U.S. filed for unemployment due to COVID-19. The identity thieves are believed to be just as busy with the filing, too. Some victims have already contacted the Identity Theft Resource Center over complaints of unemployment benefits identity theft.

Unemployment benefits identity theft is nothing new. In fact, it is one of many types of government identity theft that can occur when a scammer uses stolen personally identifiable information to apply for benefits through the government. However, with so many consumers filing at the same time, an unfortunate number of people have already reported that a scammer beat them to it. Their claims have been rejected for being duplicate applications while someone else is now set up to receive their benefits.

Like many forms of identity theft, unemployment benefits identity theft is one that victims may not discover until the damage is done. If a claim is turned down for unemployment benefits due to a duplicate application, it is important for people to contact the unemployment agency immediately; the Identity Theft Resource Center is another resource to guide victims in this challenge (888.400.5530). In the meantime, there are other ways consumers should take action if their claims are rejected:

Place a freeze on your credit report if it’s feasible.

Victims might need to open a new line of credit while they are out of work, but that shouldn’t stop them from placing a freeze. Thawing a credit freeze is extremely simple and quick. This can help block an identity thief who may have their personally identifiable information (since they applied for unemployment benefits in their name) from using it for other purposes.

Monitor accounts carefully.

Once again, if a thief has enough information to apply for benefits, they could have access to other information or accounts. Consumers should keep a careful watch on all of their accounts, including their credit reports, and change any online passwords.

Be aware that applying for unemployment is only one step.

An identity thief may also fraudulently apply for nutrition assistance, WIC, medical coverage or other benefits. If there are any issues involving those services and someone’s identity, people should contact those agencies immediately.

It is a stressful time for many, and scammers are looking to add to it many different ways, including by unemployment benefits identity theft. It’s also exceptionally difficult given the volume of calls and reduction in services from organizations that a victim needs to contact.

However, the ITRC is here for anyone who falls victim to government identity theft. Victims can also live-chat with an expert advisor or download the ID Theft Help App that will allow them to track their steps in a case log, and get on-the-go assistance.

When people think about identity theft, they tend to envision credit card fraud, check fraud or other crimes that can affect their finances. The reality is identity theft crimes fall into several different categories, mostly based on what a thief is after.

While financial identity theft is still one of the most prevalent forms of crime, other types—such as child identity theft, medical identity theft, and even criminal identity theft—are just as harmful. One particularly harmful form of identity theft is known as government identity theft, which manifests itself in different ways based on the use of someone’s government-issued identification or benefits. Here are a few examples, and what to know about government identity theft:

Tax Return Fraud

If a thief manages to get a hold of someone’s personally identifiable information, opening a new credit card is the least of his or her worries. With a Social Security number, an identity thief can file a fraudulent tax return, stealing any potential refund and causing a lot of headaches down the road. Even worse, it can happen every year. In 2019 the IRS reported over 3,500 fraudulent tax returns with nearly $16 million claimed in fraudulent refunds. 

Fraudulent Employment

No one likes the thought of someone pretending to be them, but most people don’t give much thought to someone pretending to be them in order to get a job.  Fraudulent employment means a person’s W2 statements at the end of the calendar year will reflect that they earned more money than they actually did, impacting the taxes owed. It can also potentially land a person in hot water if they are receiving government benefits. If someone is drawing unemployment insurance or if they have been placed on medical restrictions and are drawing disability insurance benefits, it won’t be long before someone comes to collect those funds back due to their “other” job.

Benefits Fraud

Government identity theft is a very common form of it is the fraudulent use of someone’s information to apply for various federal assistance programs. SNAP benefits (commonly referred to as “food stamps”), unemployment benefits, disability benefits or Social Security benefits are all targets. The fundamental problem is that a person’s information is tied to assistance payouts for which they are not receiving. The biggest concern is that the same person could find themselves legitimately in need of these benefits, but will not receive them because they have already been claimed.

One way to put up barriers to government identity theft is to make sure people are safeguarding their information, particularly their Social Security number. Individuals should not carry their Social Security card with them and should never give out their Social Security number unless there is a legitimate reason. Consumers should make sure they are looking over all of their employment records, accounts, and billing statements regularly and very carefully and report any suspicious activity immediately.

If someone is a victim of government identity theft, they can contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. They can also live-chat with an expert advisor.

For on-the-go assistance, people can check out the free ID Theft Help App from ITRC.


You might also be interested in…

Each year, the Identity Theft Resource Center (ITRC) reflects on the previous year’s exploits and anticipates trends for the next. When we first published our thoughts on 2020 back in December, it was stated that we anticipated the identity theft trends for 2020 would include 2020 being the year for privacy. While privacy remains an important topic, the recent changes in the landscape with other cyber issues have changed the conversation.

Data Breaches in Overdrive

Data breaches have continued to occur and the ITRC believes hackers and scammers will shift things into overdrive due to the amount of money that is about to flow through the economy, creating a redistribution of assets.

The coronavirus has forced most companies and their employees to work remotely. While that used to be a luxury, it is the new normal for many who previously haven’t had the experience. That has created a whole new challenge for companies, platforms, service providers and each individual employee.

In this post-COVID-19 shift, the ITRC anticipates breaches will continue to occur at an increased rate, both the number of breaches and the number of records exposed in a single incident. Given that there are a lot of new users that are creating an increase in user-data being housed in databases, it’s easy to see why this will be a potential outcome as a result of shifting workforces.

Increase in User Vulnerabilities Exposed

Security deficiencies are exposed daily, and more rapidly, because of the sheer volume of use of platforms. No one anticipated all of the vulnerabilities that would have to be fixed due to the increase in use. The ITRC has seen a massive shift in those priorities.

Now, issues that might have been well down the road to update need immediate attention because of how organizations have had to shift their use of products and services. Also, those providing those products and services must address the issues now to maintain the integrity of their users’ data.

There are other vulnerabilities with the new remote workforce that will be exploited as they become apparent over the course of the coming weeks and months.

Cybersecurity Issues Exacerbated by Remote Work

The previous 2020 identity theft trends that the ITRC predicted, in all likelihood, will happen. What is now new are the challenges that shifting to remote work as the primary method of working due to COVID-19 entail. All of the problems like ransomware, phishing attacks and patching are still going to be issues. However, they will be exacerbated by this shift in business being done by remote individuals. People who are not accustomed to working from home will be easy prey for hackers and scammers to exploit because of their lack of familiarity with platforms and processes.

Adding to that, companies that moved to stand up a remote workforce quickly may not have the proper policies, processes and employee training in place to guide their workers.

ITRC Is Here For You

Predictions like the 2020 identity theft trends are only educated guesses, based on previous events and information. Businesses, policymakers and the public will have to wait and see how the 2020 trends for identity theft, cybercrime and data privacy play out. Regardless of what happens the rest of 2020, the ITRC will be available, working to teach each person how to fight back against the techniques scammers will use to commit identity theft and support victims through the process of regaining their identities.

For a complete look at the ITRC’s 2019 Data Breach Report, click here.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also be interested in…

With the REAL ID deadline approaching in October, it is time to determine if you should replace your current government- issued ID, as well as be aware of any scams that may pop around near the time of the change.

What is a REAL ID?

Fifteen years ago, Congress passed the REAL ID Act, which set a uniform standard for how individual states issue driver’s licenses and state IDs. Prior to the 9/11 attacks, each state determined the requirements on how to prove your identity and address when applying for identity documents. Once the ID was issued, it was automatically valid in all other states. Because the 9/11 hijackers used legal, state-issued IDs in their attacks, the federal government created guidelines to standardize the credentials required to travel by air or enter federal government buildings.

After numerous delays in the 15 years since the law was enacted, U.S. residents must now decide if they need a REAL ID or to keep their current state-government issues ID.

What To Consider

It’s important to consider your circumstances and if you truly need a REAL ID. If you are planning to travel domestically by commercial airline within the United States, you will need the enhanced ID. However, if you are NOT planning to travel within the U.S. by air or enter a federal government building, then your regular state identification card or Driver’s License is still valid. If your license is valid—whether it is a REAL ID or not—you will still be able to use it as a form of identification for activities like writing a check.

Important Steps

There are some important steps in order to obtain a REAL ID in your state, as well as specific documents you must have. Be sure to check with your state’s DMV or state police website in order to find out what you must bring with you. According to the Department of Homeland Security’s Frequently Asked Questions (FAQs), “At a minimum, you must provide documentation showing:  1) Full Legal Name; 2) Date of Birth; 3) Social Security Number; 4) Two Proofs of Address of Principal Residence; and 5) Lawful Status.”

For example, to apply for the REAL ID card in California, you need to present one identity document that includes your date of birth and true full name. That could include:

  • Valid, unexpired U.S. passport or passport card
  • Original or Certified copy of U.S birth certificate (issued by a city, county or state vital statistics office). “Abbreviated” or “Abstract” certificates are NOT accepted
  • U.S. Certificate of Birth Abroad or Consular Report of Birth Abroad of U.S. Citizen
  • Unexpired foreign passport with valid U.S. Visa and approved I-94 form
  • Certified copy of birth certificate from a U.S. Territory
  • Certificate of Naturalization or Certificate of U.S. Citizenship
  • Valid, unexpired Permanent Resident Card
  • Valid, unexpired Employment Authorization Document (EAD) Card (I-766) or valid/expired EAD Card with Notice of Action (I-797 C)
  • Valid/expired Permanent Resident Card with Notice of Action (I-797 C) or Approval Notice (I-797)
  • Unexpired foreign passport stamped “Processed for I-551”
  • Documents reflecting TPS benefit eligibility

Potential Scams

With any change in government processes, scammers will try to take advantage. Be on your guard against fraud and hoaxes with the REAL ID deadline approaching.

For example, you cannot upgrade your license or ID over the phone, you will not be required to pay a fee or fine for not having a REAL ID and you will never be asked for the information on your license.

You will not receive a fine from the police for driving with a license that is not a REAL ID as long as it is valid. Also, you cannot be turned away at a polling place if you are a registered voter.

When in doubt, simply reach out to your local agency that issues REAL IDs for more information.

Data Storage & Protection

Once you are done with the process of applying for your REAL ID, don’t forget about data storage and protection. Important papers like your W-2 form, Social Security Administration card and other documents (even your devices) should never be unattended, even in a locked vehicle. Once you get home, it is also important to lock up your documents in a safe place to keep people—even people you thought you could trust—from accessing it. This could be a locked filing cabinet or firebox.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…