HOW SENIORS CAN PREVENT RISING ONLINE SCAMS, IDENTITY THEFT DURING 2016 TAX SEASON

As April 15 quickly approaches and Americans start to file tax returns, a large number of people will be in for a shock.

And it’s not a bigger-than-expected refund.

Many will learn their taxes have already been filed – by someone else using their identity.

Identity theft and tax fraud are on the rise in 2016, with an increasing number of fraudulent tax filings to the Internal Revenue Service through such popular online programs as TurboTax, H&R Block, and eFile. Con artists use information such as Social Security numbers to file taxes and get a job falsely – resulting in the IRS having inaccurate taxpayer income data.

One such case was a 29-year-old Okeechobee woman who filed a report in January with the local sheriff’s office after discovering a tax return was previously submitted in her name, giving the thieves a refund of $1,500.

According to the IRS, there were nearly 736,000 reports of fraudulent contacts since 2013, a majority of those by scammers posing as IRS agents. Telephone rip-offs have cost taxpayers more than $23 million, the agency says.

With more taxpayers turning to the Internet to file taxes quickly and easily, the problem of identity theft is far from a minor nuisance. The IRS estimates it prevented $24.2 billion in identity theft in 2013; a report by the U.S. Government Accountability Office shows the IRS still paid $5.8 billion in fraudulent refunds, up from $3.6 billion the year before.

Seniors and immigrants are particularly vulnerable to identity theft, IRS officials say. Usually, the scam begins with a call to victims asking for Social Security numbers.

“Callers claim to be employees of the IRS, but are not,” the IRS website advises. “These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.”

In a recent Context Florida op-ed, Apryl Marie Fogel of the 60 Plus Association, a nonpartisan senior advocacy group, warns that the use of technology and a lack of online security will only increase the problem.

“There are literally millions of online accounts that criminals can use to prey on legitimate taxpayers, stealing their identity and pocketing their hard-earned money,” she writes. “Everyone is at risk, especially seniors.”

As an example, Fogel points to the 2015 instance of two former TurboTax employees who acknowledged the existence of accounts that “were 100 percent used only for fraud.” The pair accused TurboTax management of “forbidding” either flagging or turning off the fake accounts while refusing to implement security measures to stop widespread fraud.

In Florida, Attorney Gen. Pam Bondi’s office released a checklist to help safeguard taxpayers from fraud and identity theft:

• File tax returns early;
• Research tax preparers thoroughly before providing personal information;
• When filing electronically, use a secure Internet connection. Do not use unsecured, publicly available Wi-Fi hotspots;
• Mail tax returns directly from the post office, not from home;
• Many taxpayers are eligible for an Identity Protection PIN from the IRS. Should someone enrolled in the IRS IP PIN program and file a return with an incorrect PIN, the IRS will reject or delay the return until submitted with the correct PIN and the taxpayer’s identity is confirmed. To obtain an IRS IP PIN IRS.gov;
• The IRS will never initiate contact by email, phone, text or social media. If the IRS needs information, it will first contact by mail; and
• If a Social Security number has been compromised, contact the IRS ID Theft Protection Specialized Unit at (800) 908-4490.

Also, the 60 Plus Association issued a news alert/fact sheet with tips, precautions and things to keep in mind to avoid being scammed, which includes information about the IRS services available for seniors and others with low incomes. 60 Plus also provides an online resource with more information geared toward older adults: www.60Plus.org/StopIRSScams.

Tax phishing scam targets TurboTax users

Millions of taxpayers use computer software to prepare and e-file their returns each year. That makes them prime tax identity theft targets.

That's the case for some users of TurboTax.

This filing season, they've received emails saying, "Recent activity on your turbotax account has led to temporarily deactivation of your account. This might lead to permanent deactivation if not addressed on time. Verify Your TurboTax. Thanks for choosing TurboTax!"

Tax scam clues

If you're in the middle of filing your return and get this message, you might freak out a bit. Don't. It's fake.

Worse, it's a phishing scam in which crooks are trying to get you to reveal your tax data, which they'll then use to file a fraudulent return with a fake refund amount in your name.

The crooks offer clues in their message that it's not really from TurboTax or its manufacturer Intuit.

Note the lower case "turbotax." The company isn't going to misspell its prime brand's name.

The exclamation point also is suspicious. While Intuit is enthusiastic about TurboTax, that closing is a bit too upbeat for such a serious situation.

And not to go all grammar police, but there's also the garbled syntax "temporarily deactivation" instead of "temporary."

If only the scammers would be a bit more careful in putting together their schemes, they might not get busted so quickly. But then, they are crooks.

Report the tax scam

If you get this or a similar message, Intuit says don't open any attachment in the email.

Don't forward the email to anyone else.

Do, however, send a copy of it to spoof@intuit.com so that the company can use it in its investigation of the phishing attempt.

Then delete the message and get back to work on your taxes using your real TurboTax program.

Expect to see more tax phishing

It wouldn't be a big surprise to see similar phishing attempts invoking other tax software brands. The Internal Revenue Service says that these email schemes continue to be one of the top tax scams it sees every filing season.

"Criminals are constantly looking for new ways to trick you out of your personal financial information so be extremely cautious about opening strange emails," says IRS Commissioner John Koskinen. "The IRS won't send you an email about a tax bill or refund out of the blue. We urge taxpayers not to click on any unexpected emails claiming to be from the IRS."

Ditto for unexpected emails from your tax software provider.

Take anti-scam steps

In addition to contacting the IRS and your tax software company directly about suspicious phishing emails, you also should subscribe to an anti-virus software and keep it up-to-date.

Make sure you have updated your web browser to one that includes anti-phishing security features. Also stay up to date on the latest releases and patches for your operating systems and critical programs.

And generally, be vigilant during filing season.

Do not respond to emails or text messages warning about problems with your taxes, especially when they ask for your account, password, banking or credit card information. Instead, go directly to the source, be it TurboTax or another company or the IRS.

Identity Theft A Concern As Two Tax Preparation Software Companies Announce Unusual Activity

FROM FORBES.COM

Identity theft continues to be a concern this tax season with two tax preparation software companies reporting unusual activity involving their customers. Those companies, TaxSlayer and TaxAct, have not suspended filing and do not believe that there has been an official data breach.

Tax preparation software TaxSlayer has reported that accounts belonging to some of its customers have been illegally accessed. The company released a press release stating:

As a result of ongoing security reviews, TaxSlayer identified a small percentage of its customers whose accounts may have been accessed by someone who obtained their username and password from another online service.

TaxSlayer notified about 8,800 individuals, or less than one third of one percent of our database. The company is confident this incident did not result from a breach of our systems. Rather, individuals’ usernames and passwords were compromised from another source. Regardless of size or origin, this is being actively investigated, as heightened security is our number one priority.

TaxSlayer worked with the IRS and state revenue departments throughout 2015 on security initiatives to combat fraud and continues to do so.

TaxSlayer values its customers, who entrust our company with their information, and are committed to educating taxpayers about cyber security. We encourage our customers to take steps to protect their personal and financial information in all their business. To further serve our customers’ best interests, we have offered customers affected by this incident 12 months of free identity theft insurance through ID experts. We also recommend that taxpayers use strong passwords that are unique to their account with us.

Daniel Eubanks, Director of Compliance at TaxSlayer, stressed that this was “not a vulnerability or breach” but rather an attempt to access the company’s database using credentials stolen from other sources. It’s not yet known where the criminals might have obtained the credentials. Eubanks did note that sometimes user names and passwords are recycled or used many times: you may use the same credentials at multiple places like banks, making it more likely that information can be stolen and used to improperly access your accounts.

(For more on protecting your ID, read this prior post.)

A second tax preparation company, TaxAct, reported similar attempts to access its customer accounts earlier this year. According to a TaxAct spokesperson:

In January, TaxAct suspended a small number of accounts – less than 0.25 percent (less than ¼ of 1 percent) – after identifying instances of suspicious activity. The attacker did not gain access to income tax returns for the vast majority of the suspended accounts. Of those accounts suspended, a very small number, less than 5 percent of the ¼ of 1 percent, involved returns being accessed. This equates to less than 500 accounts.
As a result of our existing processes, we identified the issue early and prevented any further data from being compromised. As you can appreciate, specific detail around how we detected this activity is highly confidential and could provide valuable insight for the perpetrators who are behind these actions.

We then partnered with a leading forensic specialist firm, to further investigate. We have concluded that this incident was not the result of a security breach of TaxAct systems. Rather, we believe usernames and passwords for a small number of account holders were obtained from sources outside of our own systems.

TaxAct has industry-standard security protocols in place and is taking additional measures to further protect our data from external threats. The company continues to proactively identify the best and most secure technology to safeguard our customers’ information.

We would like to use this as an opportunity to remind all tax filers of the importance of protecting their own personal information at all times. For starters, don’t use the same username and password for multiple online accounts. This can’t be stressed enough when it comes to tax or finance-related online accounts.

TaxAct also offered the following tips for protecting your data:

• Don’t use your email address or a portion of it as your username. For example, if your email address is jdoe@email.com, you shouldn’t use ‘jdoe’ as a username for any of your online accounts.
• Change all passwords frequently.
• Limit what you share on social media.
• Use anti-virus software and protect your computer by installing a firewall.

If all of this sounds very deja vu, you’re not wrong. It’s very similar to what Intuit and Internal Revenue Service (IRS) alleged last year. In 2015, TurboTax temporarily halted transmission of state e-filing tax returns, effective for all states, after it noticed an uptick in fraudulent data. Intuit believes that the stolen data was obtained from sources outside of their own systems.

While TurboTax’ woes were reportedly restricted to state returns, the IRS had its own data problems last year. IRS Commissioner Koskinen announced that identity thieves used customer account information from outside sources illegally accessed tax information tied to hundreds of thousands of taxpayers via the “Get Transcript” tool. The tool is no longer available for taxpayers to access online.