Posts

Tax Identity Theft jumps on Payroll Scams

Do you work for a corporation, especially in the U.S.? You may be at risk for tax return fraud.

9DADP is a payroll provider. Hackers were able to acquire tax information of employees of U.S. Bank from ADP. Now, this doesn’t mean that ADP was directly hacked into. Instead, what happened, it seems, their authentication system was flawed and ADP failed to implement a protection strategy for the personal data to keep it safe from prying eyes.

The crooks registered ADP accounts by using the stolen data of the bank employees. These accounts allowed the crooks to get additional W-2 information—enough to commit tax return fraud. In other words, looks like a W-2 gateway was created to file fraudulent tax returns.

If it happened to U.S. Bank and ADP, it can happen many places else.

ADP says that the breach did not originate from their computer network, but where exactly it did come from is not clear at this point, as there are multiple possibilities including the hacking into of a third party service.

The hackers also used a unique company issued URL. This URL is needed to register an ADP account. It is not known at this point in time if the U.S. Bank URL required credentials to gain access to or not, but since this data breach, U.S. Bank has withdrawn plans to further post the URL online. U.S. Bank has also removed their publicly accessible W-2 form from cyberspace.

Despite the data breach, there were only minimal effects to employees and customers of ADP and U.S. Bank. But the minimal adverse outcome is no reason to let your guard down. Next time, the institutions may not be so lucky.

Solution: Fill out the IRS Identity Theft Affidavit ASAP. Here: http://robertsicilian.wpengine.com/wp-content/uploads/2016/06/f14039.pdf

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Why You should file your Tax Return Yesterday

Someone else might file your taxes if you don’t get to it. And they won’t be doing it as a favor; they’ll be doing it to steal your identity.

9DHere’s how it works:

  • Cyber thieves send fraudulent e-mails to a business’s employees.
  • The e-mails are designed to look like they came from the big wigs at the company.
  • As a result, the targeted employees are tricked into revealing sensitive data about the company’s employees.
  • The crooks end up with all this valuable data—enough to file phony tax returns.
  • This ploy, called spear phishing, has already occurred to major companies.

Recently, the Mansueto Ventures company was hit by a spear phishing attack that singled out the employee payroll data. The hacker/s got ahold of the following employee information: Social Security number, name, address and income.

Employees have been notified, but how many of those employees have not yet filed their income tax returns? Of those, how many will be victims of identity theft because a hacker filed a tax return in their name as a result of obtaining the payroll data?

Again, get to your tax preparer ASAP, or if you normally file the return yourself, what are you waiting for?

Seagate is another company that got spear phished. The W-2 forms of its employees got into the hands of the thief or thieves. Apparently, the data of several thousand employees was stolen.

All it takes is one employee to get suckered into clicking the wrong e-mail. It’s possible for these e-mails to really, truly look like they came from a major decision maker from inside the company. A skilled hacker will carefully construct an e-mail that mimics company e-mail, complete with logo and company colors, and even the full name of the person he’s pretending to be. The e-mail may even address its recipient by name.

How does the thief get this information? It may all begin with the information he finds on a LinkedIn profile. Other bits and pieces may have been gathered off of Facebook or an online article about the person he’s impersonating, right down to that person’s nickname, making the fake e-mail look even more authentic, signing off with that person’s odd nickname.

Have you filed your tax return yet?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

The Rising Risks of Tax Identity Theft

What are you doing to prevent tax identity theft? Do you even know what steps to take? You’d better, because this crime has tripled since 2010, says the FTC.

A report on foxbusiness.com describes tax identity theft as the act of stealing someone’s personal information, then the crook files a phony tax return in the victim’s name to get a refund. The victim will never see it in their mailbox. And that’s only the beginning of the victim’s problems.

First, your complaint that you didn’t get your check will fall on deaf ears; the IRS will think they already sent you the check. Remember, the thief posed as YOU. You then must:

  • File a form explaining you’re a victim of tax ID theft.
  • Provide proof that the SSN is yours.
  • Your complaint will be reviewed, delaying your refund for months.
  • But the game’s not over. The thief didn’t report the income you made on the side teaching group fitness classes. You’re now being charged by the IRS with a tax deficiency.
  • The snowball just keeps getting bigger: The thief may have enough information on you to open credit cards in your name and suck dry your bank account.

How to Protect Yourself

  • Guard your personal information. Never give out your Social Security number (job application, yes; sweepstakes contest, no; to someone over the phone, no).
  • Memorize your SSN and keep your SSN card in a locked place at home.
  • Buy a shredder and make a habit of shredding all personal and financial documents.
  • If you do your taxes yourself, your computer should have encryption software. Never use public (non-secure) Wi-Fi for any tax related transactions; cyber thieves could “see” your data transmissions.
  • When it’s time to mail in the return…do it inside the post office, never at a public mailbox or even your home mailbox.
  • If you can’t do your taxes, get them done by a reputable outfit. You may want to go with someone who’s done the taxes for years for one of your family members or close friends.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Tax Return Basics: What You must know!

Tax ID Theft

1SThree things in life are guaranteed: death, taxes and tax-related identity theft. Michael Kasper would agree. Someone registered Kasper’s IRS.gov account, requested the document for his 2013 tax return, then filed a 2014 tax return.

The crook used a middleman—an innocent woman who answered his Craigslist ad for a moneymaking opportunity. He sent the money to her bank account, then she wired it to Nigeria, not knowing she was helping the crook.

Kasper’s account got busted into when the crook guessed some information about him, maybe stuff he got off of social media. Go to IRS.gov to secure your account to make it nearly unhackable.

Get Your Tax Transcripts

You can request information via online about your tax returns and transactions for a given year. If you’re not registered yet, you’ll need your Social Security number and instant access to your e-mail account. The step after that is to answer private questions to confirm your identity. Otherwise just log in with your password and user ID.

To receive the information by snail mail, you’ll need your SSN or individual tax ID number, address from your latest tax return, plus birthdate.

Suspiciously Filed Returns

The IRS has been contacting people who are associated with suspiciously filed returns, requesting that they confirm their identity. This is the result of criminals using TurboTax to process returns. The IRS will always make such a request with snail mail, never a phone call, text or e-mail.

If you get in the mail a Letter 5071C from the IRS, there’s only two ways to confirm you are you: 1) Visit idverifty.irs.gov and answer some questions, or call the 800 number on the letter itself.

For this verification process, you should have on hand your previous year tax return, the current one, and any supporting paperwork like Forms 1099 and W-2. You’ll then need to verify you filed the suspect return.

And remember, if you’re on this list and the IRS wants to contact you, it will be by snail mail. Anything else is a scam.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How to identify Tax Scams

The IRS isn’t your biggest enemy during tax season. It’s the criminals who pretend to be IRS reps and then con people out of their money. They contact potential victims chiefly through phone calls and text messages.

9DTypically, the message is threatening in tone and/or content, informing the target they’ll be arrested if they don’t immediately send the IRS owed money. The threat may also be deportation or a driver’s license suspension (that last one is really silly, but people actually do fall for these cons).

The money must be wire transferred or sent via a pre-paid card—and this is one of the tip-offs it’s a scam: Why wouldn’t the IRS accept a personal check like they normally do? The wire transfer or pre-paid card guarantees the crook will never be tracked.

Identifying tax scams is easy! It’s a scam if the scammy “IRS”:

  • Requests a credit card number over the phone or email
  • Requests a wire transfer or pre-paid card over the phone or email
  • The initial communication about owed money is NOT through snail mail.

The aforementioned three points should be enough for you to identify a scam, but to make identification even easier, here’s more:

  • There’s background noise to make you think it’s a busy call center.
  • The caller gives you his “badge number” to sound more official.
  • The caller identifies himself with a common name (i.e., Michael Harris).
  • The phone call coincides with an e-mail (to make things appear more official).
  • The caller hangs up when you say, “I actually work for the IRS myself.”

Scammers’ tricks that can fool you:

  • The caller ID appears it’s the IRS calling. Caller ID can be easily “spoofed”.
  • You get another call from supposedly the DMV or police department, and the caller ID shows this. (Now think about this for a moment: With all the really bad guys out there making trouble, don’t you think the police have better things to do than call people up about back taxes?)
  • The caller may know the last four digits of your Social Security number.

Don’t argue with the caller. Simply hang up (or if you want to have fun, tell them you yourself are with the IRS and listen to how fast they hang up). If you really do owe taxes, call the real IRS and work with an authentic employee to pay what you owe.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Watch Out for Tax Scams!

Spring is here (at least in some parts of the world in the northern hemisphere)! The bees are buzzing, the flowers are blooming, and the accountants are working late because for those in the U.S., it’s tax season! Scammers love tax season—there is a lot of money moving around as people pay taxes and receive tax refunds. And they have developed many ways to take advantage of that and steal your hard-earned money.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813The Internal Revenue Service (IRS) maintains a list of the scams that they call the Dirty Dozen and have published this again for 2015. It’s a good idea for all of us to familiarize ourselves with these. Here’s the top three.

  • Phone scams. Your phone rings—it’s the IRS stating that you owe money and you must pay it NOW! It can be disconcerting but, never fear, this is a scam. Keep in mind that if you do owe the IRS, they will first contact with you via snail mail before calling. This is the number one scam that criminals are using during tax season so don’t answer your phone (just kidding…just be aware of this).
  • Phishing Hackers imitate the IRS and send an email that asks you to update your e-file immediately. The link then directs you to a bogus website. If you enter your information, the hacker collects any information you enter on the site. Remember, the IRS generally does not send emails, text messages or social media posts to request personal or financial information. If you receive any unsolicited communication that appears to be from the IRS, report it to phishing@irs.gov.
  • Identity Theft. If a cybercriminal gets access to your Social Security number (SSN), they can pose as you and file a tax return under your name, but have the refund sent to them. When you file your tax return, you’ll get a notice from the IRS stating that more than one tax return was filed for you. If you think you are a victim of identity theft or have been in the past, make sure to contact the IRS as they can issue you an identity theft PIN that will be used in addition to your SSN.  Make sure to protect your SSN and do not share it unless absolutely necessary.

Stolen tax returns and tax scams have been growing consistently, leaving many identity theft victims struggling to recoup their lost refunds and identities. To help you, here are some tips to protect yourself this tax season.

  • Protect your data.Store sensitive documents in a fire-proof safe. If you plan to receive documents with sensitive information like your financial information in the mail, make sure you have a mail box with a lock.
  • Shred non-essential paperwork.Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.
  • File early.The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund.
  • Be cautious when clicking. Don’t click on any links or email attachments from emails that appear to be from the IRS. Be suspicious of strange emails and websites instead of clicking on links navigate to IRS.gov on your browser directly
  • Protect your devices. Install comprehensive software like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets and make sure to keep it updated.

Here’s a great video from the IRS about tax scams and additional information on how to report IRS phishing scams.

Hope you have a safe tax season!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Don’t be scammed into paying Back Taxes

It’s easy to scam someone who did something wrong by telling them they need to fix their mistake. This is why thousands of people get scammed into paying back taxes to the IRS—the IRS has nothing to do with these scams, of course, but the predators prey on peoples’ fear of Uncle Sam. It all begins with the fraudster making a phone call, pretending to be an IRS employee.

9DThey have other tricks up their sleeve too, such as making the caller ID show a number that appears to be coming from the IRS and identifying themselves with phony IRS badge numbers. They’ll even leave urgent messages if they get voicemail.

Preying on emotions, the crook gets vulnerable people to give up private information right then and there—enough information for the crook to commit some kind of identity theft crime. When many people hear “IRS,” they get scared. Scammers have ripped off millions of dollars as a result.

The IRS won’t give you a phone call if you’re delinquent in your tax payment. They’ll snail mail you an official notice instead. In fact, the IRS, despite its negative stereotype, won’t use scare tactics or threatening verbiage. Anyone on the phone who does this is pond scum; hang up immediately.

The IRS also won’t ever just up and e-mail you about back taxes. If you see “IRS” in a subject line, do not open it. Instead, forward it to phishing@irs.gov and delete it.

If you want to have a little fun with these thieves, then if you ever get a call from someone claiming to be from the IRS, nonchalantly tell them that you yourself work for the IRS. See what happens.

A woman in Denver, Rachel Fitzsimmons, received calls from the “IRS” telling her they were filing a lawsuit against her. The message was a robotic-sounding female voice that left a call-back number. At first she was unnerved, but then after doing some research, recognized this as a scam. She called back the number, let the man talk a little with the threat, then told him she worked for the IRS (she doesn’t). He immediately hung up. Busted!

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

IRS announces a 66% Increase in Tax Identity Theft Investigations

Tax related identity theft is reaching nightmarish and epidemic proportions. Heed the following to minimize your risk.3D

  • File taxes early. ‘Tis the season for tax fraud, and scammers like to get a jump start from the beginning. File early before the fraudsters file.
  • Use electronic filing. Paying the IRS via e-filing is fast and more secure than the paper method. You’ll also get an e-confirmation of receipt. E-filing also lets you know promptly if another person has filed under your own information.
  • An IRS e-mail is probably a fake. You’ll never get an unsolicited e-mail from Uncle Sam asking for your SSN, date of birth or other private information. Don’t open these e-mails. If you accidentally open one, do nothing more than forward it to phishing@irs.gov.
  • Fake web sites. Telltale signs of a fraudulent site are typos and grammatical mistakes, odd page layouts, an unprofessional appearance and other oddities. Be suspicious if there’s not a tiny yellow padlock and “https” to the left of the URL.
  • Be careful where you store. Never store tax information on an Internet drive or cloud. If it must be stored on a computer, encrypt the drive. Better yet, store it on an external drive or disk that’s encrypted or password protected, and store this in a locked safe.
  • Strong, long passwords and usernames. Use an assortment of characters (letters, numbers, symbols like # and *).
  • Check your annual Social Security statement. It shows all income from U.S.-workers under your SSN.
  • Your tax preparer. Use a reputable, licensed tax preparation firm. There exist many tax fraudsters.
  • Be on red alert. Services that claim to have no or very low tax liability often sock you with very high fees, or divert refunds or take money from returns.
  • Snail mail alert. Monitor reception of tax forms. Take notice if any are late or seem to have been opened. If anything is awry, notify the provider at once to find out when they were sent out.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Tax Season Scams Bite Businesses

There are numerous tax related scams out there. And as a business or even a consumer, forewarned is forearmed.

9DTax relief. Predators scan through tax lien notices to see who’s in deep with the IRS, then offer them tax relief services which are fraudulent. You pay them, and voila, your money not only is gone, but so is the “service.” You’re now further sunk in debt.

  • A fee, usually high, is required in advance.
  • These scams may be advertised on TV and radio.
  • They may also come as an unsolicited snail letter or e-mail, saying that you qualify for some governmental plan.
  • The company offering the solution may suddenly disappear.
  • If some kind of tax payment plan seems too good to be true, assume that it is.

IRS giving away money. When pigs fly. But really, this scam makes its rounds: flyers and ads claiming free money from Uncle Sam, suggesting you can file a return with minimal or no documentation. These postings often appear in churches. People see them and innocently spread the word.

Abuse of 501(c)(3). Numerous types of nonprofit organizations are exempt from certain kinds of federal income taxes. Some organizations will create schemes to become exempt, including ploys that fraudulently shield income from taxation.

Corporate ownership disguise. A third party is fraudulently used to request EIDs (employer identification numbers). The third parties then form corporations that muddle the business’s true ownership standing.

Trust misuse. Transferring assets into trusts may have some legitimacy, but shady promoters have also encouraged people to do this in an improper way. These transactions don’t live up to their promise of reducing taxable income or maximizing deductions for giving gifts or for personal expenses.

Inflated income & expenses. Though some businesses deflate income to lower what they owe, others will inflate it to optimize refundable credits. They may also claim expenses they never paid.

Hiding income offshore. Some people and businesses, to avoid paying taxes, hide income in offshore accounts. They use credit or debit cards, or wire transfers to gain access to their funds. Other people will use employee-leasing schemes, employ foreign trusts, or use insurance plans or private annuities to get access.

Fake forms. Someone files a false information return, like the Form 1099 Original Issue Discount, to validate a fake refund claim on a corresponding return. Some have made false claims for refunds based on the sham theory that the IRS has secret accounts for U.S. citizens and that one can gain access to these accounts with the 1099 OID form.

Ridiculous attempts at write-offs. Businesses claiming crazy, frivolous claims to avoid paying owed taxes like that business trip to Mardi Gras. The IRS will recognize many frivolous tax arguments and will toss them out of court.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures

14 Busted In Tax Fraud Identity Theft

Calling all identity thieves, stop wasting your time trying to open new credit card accounts or taking over existing credit card accounts, the money is in IRS tax related identity theft.

The IRS is struggling to keep up with all the fraudulent income tax returns coming in via US postal and online filings. Criminals are obtaining millions of Social Security numbers and filing under the victims personal information and collecting their refunds at an alarming rate.

Reuters reports “Fourteen people were arrested on Wednesday and charged with operating a long-running U.S. identity theft ring that filed thousands of fraudulent federal income tax returns to claim $65 million in illegal refunds, according to the U.S. Attorney’s office in New Jersey.”

Criminals are filing thousands of fake returns using real peoples information and collecting millions. The U.S. Attorney was quoted saying “The defendants in this case allegedly tried to steal $65 million using stolen identities to obtain refunds to which they were not entitled.” But they still managed to get $11.3 million. Many of the refund checks were being sent to the same addresses.

The Treasury Inspector General for Tax Administration reports over 2 billion dollars lost annually to tax related identity theft with victims doubling on 2011 to over 641,000. The Treasury also stated that $26 billion dollars could be lost in the next 5 years if the IRS doesn’t fix the problem. The problem stems from the IRS not being able to effectively determine if a return is being filed in good faith or fraudulently.

One way to determine if an online filing is legitimate is to check the reputation of the device issuing the tax return. If the PC, Mac, tablet or smartphone has a history of online criminal behavior or is exhibiting real-time suspicious behavior, the transaction could be flagged for review before the return is accepted or processed. By using advanced device reputation as the first check in the fraud detection process, the IRS would be able to stop many more fraudulent tax returns as well as downstream fraudulent activities.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discussesidentity theft  in front of the National Speakers Association. (Disclosures)