Posts

Tax Season Is Cyber Crime Season

As tax season begins, cyber crime targeting W-2 forms is on the rise. Criminals want W-2 forms so they can file fraudulent tax returns and cash the refund checks. Victims find out about these scams when they attempt to file their legitimate returns, only to be told that a return has already been filed.

tax securityThe U.S. Justice Department, citing Internal Revenue Service data from 2013, reported that 5 million tax returns were filed fraudulently, seeking $30 billion in refunds. Cases of this fraud are believed to be much higher today, leaving victims to wait out a lengthy process of reconciliation before they can get the tax refunds they deserve.

Anyone who issues or distributes W-2 forms needs to take exceptional care with them. Because they contain Social Security numbers and personally identifying information, they are considered protected personal information under state laws.

How to Protect and Safely Distribute W-2 Forms

Criminals attempt to steal W-2 forms in two ways: online and in person. In-person theft simply involves stealing W-2 forms from someone’s mailbox. Criminals know when to look, but they may not know what they are looking for.

You can prevent mailbox theft by distributing W-2 forms online, or by handing them to employees in the office. If you must mail W-2 forms, it is best to do so in a plain envelope with a handwritten return address that looks like a personal letter. Avoid envelopes that look corporate, and absolutely avoid windowed envelopes that show the form or that have printed messages stating that a W-2 is inside.

If you distribute W-2 forms electronically or provide self service for your employees, follow these tips:

  1. Give employees a link instead of emailing a W-2 form. Most payroll providers include password-protected individual employee accounts as part of their service. Take advantage of these so that employees have to download their forms, rather than sending them via email.
  2. If you must email, be sure the email is encrypted. This prevents thieves from capturing the documents in transit. Send W-2 forms only to employee email accounts that you manage, not third-party accounts or free email services that are more easily compromised.
  3. Encourage employees to file early. Early filing is the best defense against a fraudulent claim, and criminals tend to file very early in the season.
  4. Beware of phishing and social engineering scams. Criminals may attempt to harvest W-2 forms by pretending to be accountants, representatives of online filing services such as TurboTax or state or Federal tax agents. Remember that no one will ever contact you by phone, email or text with a legitimate request for someone’s tax documents.
  5.  Warn employees of tax season scams. Send a reminder email that no one from the company and no legitimate government agent will ever contact them to ask for a copy of a W-2, and advise them to be careful responding to requests from trusted contacts, such as their own lawyers and accountants. Follow one simple rule whenever you receive a request for personal information: Call to verify.

Many employees and a large number of business professionals are unaware of the growing number of scams targeting tax documents. These forms contain one of the most valuable pieces of personal information: an individual’s Social Security number. If an attempt to steal employee tax forms from an organization succeeds, it must be treated as a data breach and reported to law enforcement. Employees will need to inform the Social Security Administration of the compromise as well.

W-2 theft is another aspect of phishing and social engineering that businesses can fight with cyber security awareness training. Our CSI Protection Certification succeeds where other programs fail by tapping into the personal desire employees have to keep their own data safe and showing them how those instincts apply in workplace situations. Contact us online to learn more or call us at 1-800-658-8311.

When its Tax Time, Protect Your Identity

Tax time comes around every year, and though you technically have until April 15th each year, if you can, file earlier. There is a good reason for this; you can avoid putting yourself in a position to get your identity stolen.

How Filing Your Taxes Can Compromise Your Identity

Robert Siciliano, CSP, SAFR.MEYou might be wondering how you can become a victim of an identity thief just by filing your taxes. There are a couple of ways scammers do this. First, the thief will use your Social Security number to file taxes, but plug in their mailing address and then when your refund comes around, they take your refund.

The second way that a scammer can steal your identity is that they take your Social Security number, get a job with it, and the employer will report their earnings to the IRS. When this happens, the IRS sees it as very suspicious, and you could get stuck paying a huge tax bill.

In both cases, there could be big problems ahead for you. For example, you might not be able to get a refund or even file your taxes. There is also the chance that they have used your Social Security number to get a loan, a credit card, or cash.

How Thieves Access Your Information

The main question you might be thinking here is this: how would an ID thief get your Social Security number in the first place? Typically, they would do this by hacking. For example, there was the huge Equifax hack. 145 plus million people were affected, and you could have been involved in it. It’s easy, when these breaches happen, hackers bathe in your information.

What Can You Do if You are a Victim?

If you are a victim of a scam like this, there are some things you can do:

  • Submit Letter 5071C to the IRS – This is a form that the IRS will send if your tax return looks suspicious.
  • Submit Form 14039 – This form alerts the IRS that you believe you are a potential victim of tax ID theft.
  • Ask for an Identity Protection PIN – The IRS will give you this number so that it can confirm your identity for your future tax returns.
  • Make a Report to the Federal Trade Commission – You also should file a report with the FTC by going to IdentityTheft.gov.
  • Contact the Tax Office in Your State – Your state’s tax office might have other recommendations based on your personal situation.

If you have tried to file your taxes electronically and get rejected, you should still file a return by mail. Additionally, call the IRS Identity Protection Unit for assistance. An agent can help you start the process of taking care of the problem and ensuring your return is filed correctly.

Written by Cyber Security Expert Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now#1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Be Aware of These IRS Stimulus Check Scam Tactics

The IRS has taken the step of urging taxpayers to be aware of emails and calls that can lead to people giving up their personal info to cybercriminals.

The IRS has been telling taxpayers to take more care than before during this time. They has also reminded people that the IRS does not call taxpayers to collect or verify financial information in order to get a faster refund. The IRS also will never email nor text you asking for any information.

Cyberthieves have been taking advantage of people in times of trouble, and now that we are literally in the middle of a global pandemic, these scams are definitely on the rise.

Don’t Fall for It!

The IRS has seen many more phishing scams than ever before. It is easier for scammers to get money than you might think. All they have to do is give the IRS fake bank information. In most cases these days, the IRS will direct deposit payments right into the bank accounts of taxpayers. If you have never provided this, you can go online and do it…but so can scammers. If the IRS doesn’t get this information, it begins mailing checks, and of course, these can be intercepted by a scammer.

It is also important that you realize that people who have retired and don’t have to file a tax return simply get a check. They don’t have to do anything, and this makes retirees common targets for cybercriminals. The bad guys often reach out to older people by phone, mail, or email and ask for information such as their bank account number or Social Security number in order to verify their check. But remember…the IRS will never contact taxpayers via phone.

Additional Information

There are a number of signs that something could be a scam, and the IRS wants to remind people of this. Here are some of those signs:

  • In the case of the stimulus checks, the official name is the “Economic Impact Payment.” If you see other terms, like “Stimulus Check” or “Stimulus Payment,” it is probably a fake.
  • If you are asked to sign over a check to someone, it is definitely a scam.
  • If you are asked to verify your financial or personal information via text, mail, phone, or social media, it is a scam.
  • If the check you receive doesn’t look right, it is a scam.
  • If someone contacts you and says you can get your check faster if you give them more information, it is a scam.

How to Report an IRS Scam

If you think you are a victim of this type of scam, you should report it. If you get a fishy email, you should forward it to phishing@irs.gov. Experts also recommend that you don’t engage with cybercriminals on the internet or the phone. You can read more about this on the IRS website.

If you have questions about how the IRS is dealing with the coronavirus pandemic, you can look at the agencies Coronavirus Tax Relief page on the internet.

Finally, consider identity theft protection services. While none of these services will prevent tax related identity theft, there are expert restoration agents on the ready to work with potential victims of this type of crime.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

It’s Tax Time: Play it Safe or Lose Your Identity

Once again, tax time has rolled around, and though you technically have until April 15th, it’s always best to file a bit earlier…especially if you want to avoid setting yourself up for ID theft.

How Could Filing Taxes Compromise Your Identity?

Here’s how you could become a victim of ID theft just by filing your taxes: the first method is that a thief uses your Social Security number to file taxes, and then they steal your refund. The second method that they use is they take your Social Security number, get a job while using your Social Security number, and then their employer reports that income to the IRS. When that happens, the IRS gets your return, flags it as suspicious, and you could get a big tax bill in the process.

Of course, in either case, you could face some big problems. You could, for instance, be unable to file your own tax return or collect your refund…at least for a while until the IRS sorts it out. You also might find that the thief has used your Social Security number to get credit cards, loans, or other cash that will wreck your credit.

How do Thieves Get Your Information?

The big question here is this: how do the ID thieves get your Social Security number in the first place? Generally, they do it by hacking. For instance, do you remember the Equifax hack from 2017? Millions of people were affected, and you, too, could have been involved in that. It’s possible that thieves could get your Social Security info from hacks just like this one.

What to Do if You are a Victim

If you learn that you are a victim of tax ID theft, there are some things that you can do.

  • Fill out Letter 5071C – This is a form that the IRS sends if it feels like your tax return is suspicious.
  • Fill out Form 14039 – This form alerts the IRS that you believe you are a victim or potential victim of tax ID or regular ID theft.
  • Get an Identity Protection PIN – This is a number that the IRS can give you to confirm your identity on any future returns.
  • Report to the Federal Trade Commission – You should also file a report at IdentityTheft.gov to alert the FTC of the situation.
  • Contact your state’s tax office – Also, make sure to contact the tax office in your state. It might have other recommendations for you.

If you have tried to e-file and get a rejection, you should still file a paper return via mail. Also, call the IRS Identity Protection Unit for help. An agent can get you started on taking care of the issue and make sure your taxes are filed appropriately.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Tax Identity Theft jumps on Payroll Scams

Do you work for a corporation, especially in the U.S.? You may be at risk for tax return fraud.

9DADP is a payroll provider. Hackers were able to acquire tax information of employees of U.S. Bank from ADP. Now, this doesn’t mean that ADP was directly hacked into. Instead, what happened, it seems, their authentication system was flawed and ADP failed to implement a protection strategy for the personal data to keep it safe from prying eyes.

The crooks registered ADP accounts by using the stolen data of the bank employees. These accounts allowed the crooks to get additional W-2 information—enough to commit tax return fraud. In other words, looks like a W-2 gateway was created to file fraudulent tax returns.

If it happened to U.S. Bank and ADP, it can happen many places else.

ADP says that the breach did not originate from their computer network, but where exactly it did come from is not clear at this point, as there are multiple possibilities including the hacking into of a third party service.

The hackers also used a unique company issued URL. This URL is needed to register an ADP account. It is not known at this point in time if the U.S. Bank URL required credentials to gain access to or not, but since this data breach, U.S. Bank has withdrawn plans to further post the URL online. U.S. Bank has also removed their publicly accessible W-2 form from cyberspace.

Despite the data breach, there were only minimal effects to employees and customers of ADP and U.S. Bank. But the minimal adverse outcome is no reason to let your guard down. Next time, the institutions may not be so lucky.

Solution: Fill out the IRS Identity Theft Affidavit ASAP. Here: http://robertsicilian.wpengine.com/wp-content/uploads/2016/06/f14039.pdf

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Why You should file your Tax Return Yesterday

Someone else might file your taxes if you don’t get to it. And they won’t be doing it as a favor; they’ll be doing it to steal your identity.

9DHere’s how it works:

  • Cyber thieves send fraudulent e-mails to a business’s employees.
  • The e-mails are designed to look like they came from the big wigs at the company.
  • As a result, the targeted employees are tricked into revealing sensitive data about the company’s employees.
  • The crooks end up with all this valuable data—enough to file phony tax returns.
  • This ploy, called spear phishing, has already occurred to major companies.

Recently, the Mansueto Ventures company was hit by a spear phishing attack that singled out the employee payroll data. The hacker/s got ahold of the following employee information: Social Security number, name, address and income.

Employees have been notified, but how many of those employees have not yet filed their income tax returns? Of those, how many will be victims of identity theft because a hacker filed a tax return in their name as a result of obtaining the payroll data?

Again, get to your tax preparer ASAP, or if you normally file the return yourself, what are you waiting for?

Seagate is another company that got spear phished. The W-2 forms of its employees got into the hands of the thief or thieves. Apparently, the data of several thousand employees was stolen.

All it takes is one employee to get suckered into clicking the wrong e-mail. It’s possible for these e-mails to really, truly look like they came from a major decision maker from inside the company. A skilled hacker will carefully construct an e-mail that mimics company e-mail, complete with logo and company colors, and even the full name of the person he’s pretending to be. The e-mail may even address its recipient by name.

How does the thief get this information? It may all begin with the information he finds on a LinkedIn profile. Other bits and pieces may have been gathered off of Facebook or an online article about the person he’s impersonating, right down to that person’s nickname, making the fake e-mail look even more authentic, signing off with that person’s odd nickname.

Have you filed your tax return yet?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

The Rising Risks of Tax Identity Theft

What are you doing to prevent tax identity theft? Do you even know what steps to take? You’d better, because this crime has tripled since 2010, says the FTC.

A report on foxbusiness.com describes tax identity theft as the act of stealing someone’s personal information, then the crook files a phony tax return in the victim’s name to get a refund. The victim will never see it in their mailbox. And that’s only the beginning of the victim’s problems.

First, your complaint that you didn’t get your check will fall on deaf ears; the IRS will think they already sent you the check. Remember, the thief posed as YOU. You then must:

  • File a form explaining you’re a victim of tax ID theft.
  • Provide proof that the SSN is yours.
  • Your complaint will be reviewed, delaying your refund for months.
  • But the game’s not over. The thief didn’t report the income you made on the side teaching group fitness classes. You’re now being charged by the IRS with a tax deficiency.
  • The snowball just keeps getting bigger: The thief may have enough information on you to open credit cards in your name and suck dry your bank account.

How to Protect Yourself

  • Guard your personal information. Never give out your Social Security number (job application, yes; sweepstakes contest, no; to someone over the phone, no).
  • Memorize your SSN and keep your SSN card in a locked place at home.
  • Buy a shredder and make a habit of shredding all personal and financial documents.
  • If you do your taxes yourself, your computer should have encryption software. Never use public (non-secure) Wi-Fi for any tax related transactions; cyber thieves could “see” your data transmissions.
  • When it’s time to mail in the return…do it inside the post office, never at a public mailbox or even your home mailbox.
  • If you can’t do your taxes, get them done by a reputable outfit. You may want to go with someone who’s done the taxes for years for one of your family members or close friends.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Reports say Russians hacked IRS Identities

CNN recently reported that the data breach of the IRS, which occurred between this past February and May, originated from Russia. The crooks were able to steal tax returns from over 100,000 people. The thieves filed a total of $50 million in tax refunds, having obtained personal data to get ahold of the data.

11DIn other words, this crime wasn’t a hacking job. The Russians didn’t hack into the IRS’s network through some “back door” or social engineering scheme. They actually entered through the front door, using the personal data they had obtained.

Just how the breach came about is not yet known. The IRS’s Criminal Investigation Unit, plus the Treasury Inspector General for Tax Administration, are trying to figure it all out. The FBI is also involved.

Americans have no reason to feel secure about the protection of their tax data. For years, there have been security concerns by the leaders, and this latest Russian incident has fueled the flames.

Orrin Hatch, the Republican Senate Finance Committee Chairman, has stated: “When the federal government fails to protect private and confidential taxpayer information, Congress must act.” This is not the first time that the Russians have caused a data breach for the U.S. government.

As for this latest incident, the Russian thieves had originally tried to get into the tax records of 200,000 people, but were only 50 percent successful—resulting in the breach of those 100,000 Americans.

However, the IRS intends on contacting every one of those 200,000 people about the attempt. This is because third parties may have these people’s Social Security numbers, among other personal data.

And what is the consolation for the 100,000 people whose tax records were obtained? The IRS said they will get free credit monitoring.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Tax Return Basics: What You must know!

Tax ID Theft

1SThree things in life are guaranteed: death, taxes and tax-related identity theft. Michael Kasper would agree. Someone registered Kasper’s IRS.gov account, requested the document for his 2013 tax return, then filed a 2014 tax return.

The crook used a middleman—an innocent woman who answered his Craigslist ad for a moneymaking opportunity. He sent the money to her bank account, then she wired it to Nigeria, not knowing she was helping the crook.

Kasper’s account got busted into when the crook guessed some information about him, maybe stuff he got off of social media. Go to IRS.gov to secure your account to make it nearly unhackable.

Get Your Tax Transcripts

You can request information via online about your tax returns and transactions for a given year. If you’re not registered yet, you’ll need your Social Security number and instant access to your e-mail account. The step after that is to answer private questions to confirm your identity. Otherwise just log in with your password and user ID.

To receive the information by snail mail, you’ll need your SSN or individual tax ID number, address from your latest tax return, plus birthdate.

Suspiciously Filed Returns

The IRS has been contacting people who are associated with suspiciously filed returns, requesting that they confirm their identity. This is the result of criminals using TurboTax to process returns. The IRS will always make such a request with snail mail, never a phone call, text or e-mail.

If you get in the mail a Letter 5071C from the IRS, there’s only two ways to confirm you are you: 1) Visit idverifty.irs.gov and answer some questions, or call the 800 number on the letter itself.

For this verification process, you should have on hand your previous year tax return, the current one, and any supporting paperwork like Forms 1099 and W-2. You’ll then need to verify you filed the suspect return.

And remember, if you’re on this list and the IRS wants to contact you, it will be by snail mail. Anything else is a scam.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Watch Out for Tax Scams!

Spring is here (at least in some parts of the world in the northern hemisphere)! The bees are buzzing, the flowers are blooming, and the accountants are working late because for those in the U.S., it’s tax season! Scammers love tax season—there is a lot of money moving around as people pay taxes and receive tax refunds. And they have developed many ways to take advantage of that and steal your hard-earned money.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813The Internal Revenue Service (IRS) maintains a list of the scams that they call the Dirty Dozen and have published this again for 2015. It’s a good idea for all of us to familiarize ourselves with these. Here’s the top three.

  • Phone scams. Your phone rings—it’s the IRS stating that you owe money and you must pay it NOW! It can be disconcerting but, never fear, this is a scam. Keep in mind that if you do owe the IRS, they will first contact with you via snail mail before calling. This is the number one scam that criminals are using during tax season so don’t answer your phone (just kidding…just be aware of this).
  • Phishing Hackers imitate the IRS and send an email that asks you to update your e-file immediately. The link then directs you to a bogus website. If you enter your information, the hacker collects any information you enter on the site. Remember, the IRS generally does not send emails, text messages or social media posts to request personal or financial information. If you receive any unsolicited communication that appears to be from the IRS, report it to phishing@irs.gov.
  • Identity Theft. If a cybercriminal gets access to your Social Security number (SSN), they can pose as you and file a tax return under your name, but have the refund sent to them. When you file your tax return, you’ll get a notice from the IRS stating that more than one tax return was filed for you. If you think you are a victim of identity theft or have been in the past, make sure to contact the IRS as they can issue you an identity theft PIN that will be used in addition to your SSN.  Make sure to protect your SSN and do not share it unless absolutely necessary.

Stolen tax returns and tax scams have been growing consistently, leaving many identity theft victims struggling to recoup their lost refunds and identities. To help you, here are some tips to protect yourself this tax season.

  • Protect your data.Store sensitive documents in a fire-proof safe. If you plan to receive documents with sensitive information like your financial information in the mail, make sure you have a mail box with a lock.
  • Shred non-essential paperwork.Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.
  • File early.The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund.
  • Be cautious when clicking. Don’t click on any links or email attachments from emails that appear to be from the IRS. Be suspicious of strange emails and websites instead of clicking on links navigate to IRS.gov on your browser directly
  • Protect your devices. Install comprehensive software like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets and make sure to keep it updated.

Here’s a great video from the IRS about tax scams and additional information on how to report IRS phishing scams.

Hope you have a safe tax season!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.