With the amount of personal and financial information traveling through cyberspace, there are plenty of opportunities for them to steal personally identifiable information (PII), tax refunds and other personal details about taxpayers.
According to CyberScout, a data security and identity theft protection firm, most tax payers still aren’t worried about tax fraud, despite warnings from the government and other entities. In its second annual Tax Season Risk Report, poor safety practices and a lack of concern for their data security are leaving consumers extremely vulnerable to hackers.
In 2015, over 700,000 taxpayer accounts were compromised, and since then the Internal Revenue Service (IRS) has implemented a number of changes to mitigate tax fraud and identity theft for taxpayers. The efforts seem to be paying off, as the number of identity theft affidavits filed with the IRS dropped 50 percent in the first nine months of 2016.
Catching fraudulent returns
In addition, the number of fraudulent returns identified before they were processed also confirms the new efforts are working, as 50 percent fewer fraudulent returns made it through the IRS tax processing system. By September 2016, 787,000 fraudulent returns totaling more than $4 billion had been caught by the process. Catching these fraudulent returns also means fewer fraudulent refunds paid by financial institutions. In 2015, banks paid $829 million in fraudulent refunds, but that number dropped to $239 in 2016.
“We’ve reached an extreme level of cyber crime where identity theft has become the third certainty in life. In tax season it is crucial that everyone remain vigilant and on high alert to avoid tax-related identity theft or phishing schemes,” said Adam Levin, founder and chairman of CyberScout.
Keep company info safe
According to Beazley, which provides data breach response insurance, hackers are using a variety of methods to impersonate executives and gain access to companies’ W-2 tax information, and the attacks are expected to increase throughout tax season.
Here are several ways to keep company information safe and suggestions to keep your tax refund out of the hands of fraudsters.
Just like other types of CEO fraud that spoof an executive’s email address and even his or her writing style, fraudsters can employ these same strategies to access employee information or even request a funds transfer according to Beazley. Anyone who receives such a request from an executive, vendor, bank or other institution should verify the request by phone or some other means besides email.
2. What’s on the web?
A company’s website can provide a fair amount of information about executives, including email addresses and other critical details. It’s wise to keep contact information for employees in the finance department off of the website, particularly lower level employees or those responsible for wire transfers, since it makes it harder for thieves to target them for fraudulent schemes.
3. Monitor W-2 requests
Sadly, hackers are making more requests for employee tax information, so beware of any unusual or what Beazley terms “out of band” requests for W-2s. Rarely do CEOs, CFOs or other executives request this type of information from a junior employee.
“Hackers are on the grab right now for W-2s, social security numbers and other personal information in order to perpetrate tax fraud,” said Katherine Keefe, global head of BBR Services in a press release.
4. I need this immediately!
It’s not unusual for a scammer to request that information be sent as quickly as possible. By making the request seem urgent, the fraudster hopes that an employee will respond without considering whether or not the request is genuine because of the threat of a reprimand or some other consequence if the response is delayed in any way.
Companies should have a proper protocol for such requests to protect employees, the information and the company itself from these types of scams.
5. Beware of social media posts
Most people know not to post their travel plans or vacations on social media, but the risks can spill over into the corporate setting. Executives who post their plans can make it easier for scammers to reach out and request employee information or wire transfers while the executive is unavailable to confirm the request.
“These prevention steps are not difficult to implement, but they do require awareness and vigilance at all levels of an organization,” added Keefe.
6. Passwords matter
Tax payers also need to take some specific steps to protect their information. Using strong passwords for your wireless network, computer and various logins will go a long way to make it harder for hackers to access your information.
Security experts have a number of recommendations to keep in mind when selecting passwords:
- Avoid words that are easy to guess — e.g., “password,” birthdate, social security number, or nonsense words that use adjacent letters on your keyboard.
- Don’t use the same password for multiple websites.
- Use a combination of letters and special characters.
- Longer passwords (12-15 characters) provide more security.
- Don’t leave passwords out in plain sight on your computer for easy access.
Don’t validate your information for anyone who contacts you by email or on the telephone. The IRS still contacts tax payers by snail mail. If someone you don’t know calls or emails you for tax information, be very wary and don’t provide any information.
8. Use direct deposit
Having your tax refund deposited directly into your bank account or sent to a mailbox that locks will prevent thieves from stealing your refund checks. The IRS says more than 70 million tax payers will receive a refund this year, but only a third of those recipients have a locked mailbox.
9. File early
Filing taxes earlier in the tax season makes it harder for fraudsters to file on your behalf and access your tax refund. CyberScout says that nearly 43 percent had filed by February, but 57 percent of us were still procrastinating.
10. If you’re a victim…
Tax payers who suspect that someone has stolen their identity for employment purposes or to file a fraudulent tax return should complete form 14039 and mail or fax it to the appropriate IRS office with the requested forms of identification.
The IRS has also launched the “Taxes.Security.Together” campaign to educate businesses and tax payers on how to keep their information safe during the 2017 tax season.