Posts

Tax Identity Theft jumps on Payroll Scams

Do you work for a corporation, especially in the U.S.? You may be at risk for tax return fraud.

9DADP is a payroll provider. Hackers were able to acquire tax information of employees of U.S. Bank from ADP. Now, this doesn’t mean that ADP was directly hacked into. Instead, what happened, it seems, their authentication system was flawed and ADP failed to implement a protection strategy for the personal data to keep it safe from prying eyes.

The crooks registered ADP accounts by using the stolen data of the bank employees. These accounts allowed the crooks to get additional W-2 information—enough to commit tax return fraud. In other words, looks like a W-2 gateway was created to file fraudulent tax returns.

If it happened to U.S. Bank and ADP, it can happen many places else.

ADP says that the breach did not originate from their computer network, but where exactly it did come from is not clear at this point, as there are multiple possibilities including the hacking into of a third party service.

The hackers also used a unique company issued URL. This URL is needed to register an ADP account. It is not known at this point in time if the U.S. Bank URL required credentials to gain access to or not, but since this data breach, U.S. Bank has withdrawn plans to further post the URL online. U.S. Bank has also removed their publicly accessible W-2 form from cyberspace.

Despite the data breach, there were only minimal effects to employees and customers of ADP and U.S. Bank. But the minimal adverse outcome is no reason to let your guard down. Next time, the institutions may not be so lucky.

Solution: Fill out the IRS Identity Theft Affidavit ASAP. Here: http://robertsicilian.wpengine.com/wp-content/uploads/2016/06/f14039.pdf

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Why You should file your Tax Return Yesterday

Someone else might file your taxes if you don’t get to it. And they won’t be doing it as a favor; they’ll be doing it to steal your identity.

9DHere’s how it works:

  • Cyber thieves send fraudulent e-mails to a business’s employees.
  • The e-mails are designed to look like they came from the big wigs at the company.
  • As a result, the targeted employees are tricked into revealing sensitive data about the company’s employees.
  • The crooks end up with all this valuable data—enough to file phony tax returns.
  • This ploy, called spear phishing, has already occurred to major companies.

Recently, the Mansueto Ventures company was hit by a spear phishing attack that singled out the employee payroll data. The hacker/s got ahold of the following employee information: Social Security number, name, address and income.

Employees have been notified, but how many of those employees have not yet filed their income tax returns? Of those, how many will be victims of identity theft because a hacker filed a tax return in their name as a result of obtaining the payroll data?

Again, get to your tax preparer ASAP, or if you normally file the return yourself, what are you waiting for?

Seagate is another company that got spear phished. The W-2 forms of its employees got into the hands of the thief or thieves. Apparently, the data of several thousand employees was stolen.

All it takes is one employee to get suckered into clicking the wrong e-mail. It’s possible for these e-mails to really, truly look like they came from a major decision maker from inside the company. A skilled hacker will carefully construct an e-mail that mimics company e-mail, complete with logo and company colors, and even the full name of the person he’s pretending to be. The e-mail may even address its recipient by name.

How does the thief get this information? It may all begin with the information he finds on a LinkedIn profile. Other bits and pieces may have been gathered off of Facebook or an online article about the person he’s impersonating, right down to that person’s nickname, making the fake e-mail look even more authentic, signing off with that person’s odd nickname.

Have you filed your tax return yet?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

The Rising Risks of Tax Identity Theft

What are you doing to prevent tax identity theft? Do you even know what steps to take? You’d better, because this crime has tripled since 2010, says the FTC.

A report on foxbusiness.com describes tax identity theft as the act of stealing someone’s personal information, then the crook files a phony tax return in the victim’s name to get a refund. The victim will never see it in their mailbox. And that’s only the beginning of the victim’s problems.

First, your complaint that you didn’t get your check will fall on deaf ears; the IRS will think they already sent you the check. Remember, the thief posed as YOU. You then must:

  • File a form explaining you’re a victim of tax ID theft.
  • Provide proof that the SSN is yours.
  • Your complaint will be reviewed, delaying your refund for months.
  • But the game’s not over. The thief didn’t report the income you made on the side teaching group fitness classes. You’re now being charged by the IRS with a tax deficiency.
  • The snowball just keeps getting bigger: The thief may have enough information on you to open credit cards in your name and suck dry your bank account.

How to Protect Yourself

  • Guard your personal information. Never give out your Social Security number (job application, yes; sweepstakes contest, no; to someone over the phone, no).
  • Memorize your SSN and keep your SSN card in a locked place at home.
  • Buy a shredder and make a habit of shredding all personal and financial documents.
  • If you do your taxes yourself, your computer should have encryption software. Never use public (non-secure) Wi-Fi for any tax related transactions; cyber thieves could “see” your data transmissions.
  • When it’s time to mail in the return…do it inside the post office, never at a public mailbox or even your home mailbox.
  • If you can’t do your taxes, get them done by a reputable outfit. You may want to go with someone who’s done the taxes for years for one of your family members or close friends.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Reports say Russians hacked IRS Identities

CNN recently reported that the data breach of the IRS, which occurred between this past February and May, originated from Russia. The crooks were able to steal tax returns from over 100,000 people. The thieves filed a total of $50 million in tax refunds, having obtained personal data to get ahold of the data.

11DIn other words, this crime wasn’t a hacking job. The Russians didn’t hack into the IRS’s network through some “back door” or social engineering scheme. They actually entered through the front door, using the personal data they had obtained.

Just how the breach came about is not yet known. The IRS’s Criminal Investigation Unit, plus the Treasury Inspector General for Tax Administration, are trying to figure it all out. The FBI is also involved.

Americans have no reason to feel secure about the protection of their tax data. For years, there have been security concerns by the leaders, and this latest Russian incident has fueled the flames.

Orrin Hatch, the Republican Senate Finance Committee Chairman, has stated: “When the federal government fails to protect private and confidential taxpayer information, Congress must act.” This is not the first time that the Russians have caused a data breach for the U.S. government.

As for this latest incident, the Russian thieves had originally tried to get into the tax records of 200,000 people, but were only 50 percent successful—resulting in the breach of those 100,000 Americans.

However, the IRS intends on contacting every one of those 200,000 people about the attempt. This is because third parties may have these people’s Social Security numbers, among other personal data.

And what is the consolation for the 100,000 people whose tax records were obtained? The IRS said they will get free credit monitoring.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Tax Return Basics: What You must know!

Tax ID Theft

1SThree things in life are guaranteed: death, taxes and tax-related identity theft. Michael Kasper would agree. Someone registered Kasper’s IRS.gov account, requested the document for his 2013 tax return, then filed a 2014 tax return.

The crook used a middleman—an innocent woman who answered his Craigslist ad for a moneymaking opportunity. He sent the money to her bank account, then she wired it to Nigeria, not knowing she was helping the crook.

Kasper’s account got busted into when the crook guessed some information about him, maybe stuff he got off of social media. Go to IRS.gov to secure your account to make it nearly unhackable.

Get Your Tax Transcripts

You can request information via online about your tax returns and transactions for a given year. If you’re not registered yet, you’ll need your Social Security number and instant access to your e-mail account. The step after that is to answer private questions to confirm your identity. Otherwise just log in with your password and user ID.

To receive the information by snail mail, you’ll need your SSN or individual tax ID number, address from your latest tax return, plus birthdate.

Suspiciously Filed Returns

The IRS has been contacting people who are associated with suspiciously filed returns, requesting that they confirm their identity. This is the result of criminals using TurboTax to process returns. The IRS will always make such a request with snail mail, never a phone call, text or e-mail.

If you get in the mail a Letter 5071C from the IRS, there’s only two ways to confirm you are you: 1) Visit idverifty.irs.gov and answer some questions, or call the 800 number on the letter itself.

For this verification process, you should have on hand your previous year tax return, the current one, and any supporting paperwork like Forms 1099 and W-2. You’ll then need to verify you filed the suspect return.

And remember, if you’re on this list and the IRS wants to contact you, it will be by snail mail. Anything else is a scam.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Watch Out for Tax Scams!

Spring is here (at least in some parts of the world in the northern hemisphere)! The bees are buzzing, the flowers are blooming, and the accountants are working late because for those in the U.S., it’s tax season! Scammers love tax season—there is a lot of money moving around as people pay taxes and receive tax refunds. And they have developed many ways to take advantage of that and steal your hard-earned money.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813The Internal Revenue Service (IRS) maintains a list of the scams that they call the Dirty Dozen and have published this again for 2015. It’s a good idea for all of us to familiarize ourselves with these. Here’s the top three.

  • Phone scams. Your phone rings—it’s the IRS stating that you owe money and you must pay it NOW! It can be disconcerting but, never fear, this is a scam. Keep in mind that if you do owe the IRS, they will first contact with you via snail mail before calling. This is the number one scam that criminals are using during tax season so don’t answer your phone (just kidding…just be aware of this).
  • Phishing Hackers imitate the IRS and send an email that asks you to update your e-file immediately. The link then directs you to a bogus website. If you enter your information, the hacker collects any information you enter on the site. Remember, the IRS generally does not send emails, text messages or social media posts to request personal or financial information. If you receive any unsolicited communication that appears to be from the IRS, report it to phishing@irs.gov.
  • Identity Theft. If a cybercriminal gets access to your Social Security number (SSN), they can pose as you and file a tax return under your name, but have the refund sent to them. When you file your tax return, you’ll get a notice from the IRS stating that more than one tax return was filed for you. If you think you are a victim of identity theft or have been in the past, make sure to contact the IRS as they can issue you an identity theft PIN that will be used in addition to your SSN.  Make sure to protect your SSN and do not share it unless absolutely necessary.

Stolen tax returns and tax scams have been growing consistently, leaving many identity theft victims struggling to recoup their lost refunds and identities. To help you, here are some tips to protect yourself this tax season.

  • Protect your data.Store sensitive documents in a fire-proof safe. If you plan to receive documents with sensitive information like your financial information in the mail, make sure you have a mail box with a lock.
  • Shred non-essential paperwork.Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.
  • File early.The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund.
  • Be cautious when clicking. Don’t click on any links or email attachments from emails that appear to be from the IRS. Be suspicious of strange emails and websites instead of clicking on links navigate to IRS.gov on your browser directly
  • Protect your devices. Install comprehensive software like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets and make sure to keep it updated.

Here’s a great video from the IRS about tax scams and additional information on how to report IRS phishing scams.

Hope you have a safe tax season!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Don’t be scammed into paying Back Taxes

It’s easy to scam someone who did something wrong by telling them they need to fix their mistake. This is why thousands of people get scammed into paying back taxes to the IRS—the IRS has nothing to do with these scams, of course, but the predators prey on peoples’ fear of Uncle Sam. It all begins with the fraudster making a phone call, pretending to be an IRS employee.

9DThey have other tricks up their sleeve too, such as making the caller ID show a number that appears to be coming from the IRS and identifying themselves with phony IRS badge numbers. They’ll even leave urgent messages if they get voicemail.

Preying on emotions, the crook gets vulnerable people to give up private information right then and there—enough information for the crook to commit some kind of identity theft crime. When many people hear “IRS,” they get scared. Scammers have ripped off millions of dollars as a result.

The IRS won’t give you a phone call if you’re delinquent in your tax payment. They’ll snail mail you an official notice instead. In fact, the IRS, despite its negative stereotype, won’t use scare tactics or threatening verbiage. Anyone on the phone who does this is pond scum; hang up immediately.

The IRS also won’t ever just up and e-mail you about back taxes. If you see “IRS” in a subject line, do not open it. Instead, forward it to phishing@irs.gov and delete it.

If you want to have a little fun with these thieves, then if you ever get a call from someone claiming to be from the IRS, nonchalantly tell them that you yourself work for the IRS. See what happens.

A woman in Denver, Rachel Fitzsimmons, received calls from the “IRS” telling her they were filing a lawsuit against her. The message was a robotic-sounding female voice that left a call-back number. At first she was unnerved, but then after doing some research, recognized this as a scam. She called back the number, let the man talk a little with the threat, then told him she worked for the IRS (she doesn’t). He immediately hung up. Busted!

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

10 Skeevy Scams to watch

You may think you’re not dumb enough to fall for scams, but consider that someone you care deeply about is naïve enough to be conned. Besides, some scams are so clever that even those who think they’re scam-proof have actually been taken for a ride.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Sometimes fraudsters pose as an authority figure. Some claim you won a prize, while others claim you’re in trouble. Some even claim they’re a family member (needing money) and have figured out a way to convince you of this.

Some scams are done via e-mail, while others involve a phone call or snail mail. One common ploy is for the crook to pose as a rep from the electric company and threaten to shut off your electricity unless you pay a delinquent bill. Of course, the payment must be in the form of a reloadable debit card. People will actually give these cards to the “rep,” without calling the company to confirm the situation.

A big tip-off to a scam is that you’re told you won a prize or have been hired for employment—but must send money to get the prize or be trained for the employment.

Some scams are so very obvious, but still, people get taken, like those ridiculous e-mails claiming you inherited a windfall from some deceased prince named Gharbakhaji Naoombuule. But people actually fall for these, not considering that this same e-mail was sent to 10,000 others.

Top 10 Scams

  • Caller ID spoofing. Has your phone ever rung and you saw your phone number and name in the caller ID screen? How can your own phone be calling you? It’s a scam. Ignore it. If you pick up you’ll hear an offer for lower credit card rates. You’ll be told to press 1 to opt out—but you should not even be on that long to hear this option; you should have hung up the second you heard the credit card offer. Anyways, pressing 1 indicates your number is legitimate; it’s then sold to scammers. Caller ID spoofing is also perfect for scammers posing as the police, government agency, corporations etc all with the intention to get you to part with your money.
  • Mystery shopping. Though mystery shopping is a legitimate enterprise, scammers take advantage of this and mail out checks (phony) before the “shopping” is done. A legitimate company will never do this. They also get victims to give up credit card data to pay for getting a job!
  • Calls about unpaid taxes. Always hang up, regardless of threatening nature to pay up or else. The IRS always uses snail mail to notify people of unpaid taxes.
  • Puppy scam. You find a website offering purebred puppies at very low prices or even for free, but you’re told you must pay for shipping or transfer fees (wire transfer) to get your puppy. The money is gone and you never get your puppy.
  • You get a call from someone claiming to have found buyers for your timeshare. You receive a contract, but are told you must pay funds to cover some fees. The contract is phony.
  • Tech support. Someone calls you claiming your computer needs servicing. They’ll fix it after you give them your credit card information. Legitimate geeks don’t call people; you must call them.
  • Postcard survey. Out of the blue you’re told you’ve won a gift card, or, just take a brief survey to get one. Go along with this and soon you’ll be asked to provide your credit card number. Don’t bother. You’ll get no gift card while the crook gets your credit card information.
  • A notice says you’ve won a big fat prize. To claim it, just pay some fees. Yeah, right. Never pay fees to collect a prize!
  • You’re told you’re eligible for a grant or have been awarded one, but must first pay processing fees. Federal grants don’t require fees.
  • Subscription renewal notice. The notice says you can renew for a lower rate. Check to see if the notice was sent by the publication itself or some third party (the crook).

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

IRS announces a 66% Increase in Tax Identity Theft Investigations

Tax related identity theft is reaching nightmarish and epidemic proportions. Heed the following to minimize your risk.3D

  • File taxes early. ‘Tis the season for tax fraud, and scammers like to get a jump start from the beginning. File early before the fraudsters file.
  • Use electronic filing. Paying the IRS via e-filing is fast and more secure than the paper method. You’ll also get an e-confirmation of receipt. E-filing also lets you know promptly if another person has filed under your own information.
  • An IRS e-mail is probably a fake. You’ll never get an unsolicited e-mail from Uncle Sam asking for your SSN, date of birth or other private information. Don’t open these e-mails. If you accidentally open one, do nothing more than forward it to phishing@irs.gov.
  • Fake web sites. Telltale signs of a fraudulent site are typos and grammatical mistakes, odd page layouts, an unprofessional appearance and other oddities. Be suspicious if there’s not a tiny yellow padlock and “https” to the left of the URL.
  • Be careful where you store. Never store tax information on an Internet drive or cloud. If it must be stored on a computer, encrypt the drive. Better yet, store it on an external drive or disk that’s encrypted or password protected, and store this in a locked safe.
  • Strong, long passwords and usernames. Use an assortment of characters (letters, numbers, symbols like # and *).
  • Check your annual Social Security statement. It shows all income from U.S.-workers under your SSN.
  • Your tax preparer. Use a reputable, licensed tax preparation firm. There exist many tax fraudsters.
  • Be on red alert. Services that claim to have no or very low tax liability often sock you with very high fees, or divert refunds or take money from returns.
  • Snail mail alert. Monitor reception of tax forms. Take notice if any are late or seem to have been opened. If anything is awry, notify the provider at once to find out when they were sent out.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Tax Season Scams Bite Businesses

There are numerous tax related scams out there. And as a business or even a consumer, forewarned is forearmed.

9DTax relief. Predators scan through tax lien notices to see who’s in deep with the IRS, then offer them tax relief services which are fraudulent. You pay them, and voila, your money not only is gone, but so is the “service.” You’re now further sunk in debt.

  • A fee, usually high, is required in advance.
  • These scams may be advertised on TV and radio.
  • They may also come as an unsolicited snail letter or e-mail, saying that you qualify for some governmental plan.
  • The company offering the solution may suddenly disappear.
  • If some kind of tax payment plan seems too good to be true, assume that it is.

IRS giving away money. When pigs fly. But really, this scam makes its rounds: flyers and ads claiming free money from Uncle Sam, suggesting you can file a return with minimal or no documentation. These postings often appear in churches. People see them and innocently spread the word.

Abuse of 501(c)(3). Numerous types of nonprofit organizations are exempt from certain kinds of federal income taxes. Some organizations will create schemes to become exempt, including ploys that fraudulently shield income from taxation.

Corporate ownership disguise. A third party is fraudulently used to request EIDs (employer identification numbers). The third parties then form corporations that muddle the business’s true ownership standing.

Trust misuse. Transferring assets into trusts may have some legitimacy, but shady promoters have also encouraged people to do this in an improper way. These transactions don’t live up to their promise of reducing taxable income or maximizing deductions for giving gifts or for personal expenses.

Inflated income & expenses. Though some businesses deflate income to lower what they owe, others will inflate it to optimize refundable credits. They may also claim expenses they never paid.

Hiding income offshore. Some people and businesses, to avoid paying taxes, hide income in offshore accounts. They use credit or debit cards, or wire transfers to gain access to their funds. Other people will use employee-leasing schemes, employ foreign trusts, or use insurance plans or private annuities to get access.

Fake forms. Someone files a false information return, like the Form 1099 Original Issue Discount, to validate a fake refund claim on a corresponding return. Some have made false claims for refunds based on the sham theory that the IRS has secret accounts for U.S. citizens and that one can gain access to these accounts with the 1099 OID form.

Ridiculous attempts at write-offs. Businesses claiming crazy, frivolous claims to avoid paying owed taxes like that business trip to Mardi Gras. The IRS will recognize many frivolous tax arguments and will toss them out of court.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures