Tax Fraud & Identity Theft

January 18, 2019

The holidays are over and a new academic year is underway. What’s next? Tax filing season.

You might have heard, because of the move to UCPath you will get two W-2 statements this year. They will be out shortly. Early February is prime time for criminals that want to commit identity theft and file fraudulent tax returns to bilk the government and cause you immense pain. They target the time just before and just after most companies release W-2 statements. You can make it more difficult for them to victimize you. 

Protect your social security number and your personal tax information as though it were cash. If you e-file, the IRS has added safeguards to reduce fraud. You may need information from last year’s return to e-file this year.  If you use a preparer, the IRS has provided them with information about how to protect your information. The industry came together to protect taxpayers. 

Email is a common method used to commit tax-related fraud. It’s common for criminals to impersonate the IRS. The messages look official and are sometimes threatening. The IRS has published simple steps to help protect yourself against phishing and other email scams. 

  • Be vigilant and skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, the recipient should approach with caution. Cyber crooks are good at acting like trusted businesses, friends and family. This even includes the IRS and others in the tax business.
  • Double check the email address. Thieves may have compromised a friend’s email address. They might also be spoofing the address with a slight change in text. For example, using narne@example.com instead of name@example.com.  Merely changing the “m” to an “r” and “n” can trick people.
  • Remember that the IRS doesn't initiate spontaneous contact with taxpayers by email to ask for personal or financial information. This includes asking for information via text messages and social media channels. The IRS does not call taxpayers with aggressive threats of lawsuits or arrests.
  • Do not click on hyperlinks in suspicious emails. When in doubt, users should not use hyperlinks and go directly to the source’s main web page. They should also remember that no legitimate business or organization will ask for sensitive financial information by email.
  • Use security software to protect against malware and viruses found in phishing emails. Some security software can help identify suspicious websites that are used by cybercriminals.
  • Use strong passwords to protect online accounts. Experts recommend the use of a passphrase, instead of a password, use a minimum of 10 digits, including letters, numbers and special characters.
  • Use multi-factor authentication when offered. Two-factor authentication means that in addition to entering a username and password, the user must enter a security code This code is usually sent as a text to the user’s mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely the crook would also have a victim’s phone.
  • Report phishing scams. Taxpayers can forward suspicious emails to phishing@irs.gov.

Despite best efforts to thwart criminals, you may become the victim of identity theft and tax fraud. If that happens to you, the IRS published guidance to assist you in getting through it. A starting point is https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft. The California Attorney General also has helpful information at https://oag.ca.gov/idtheft.
April 15th is charging up. The risk of identity theft and fraud don’t stop then. The risk continues throughout the year. If you are the victim of tax fraud or identity theft this year, I’d like to know about it. Please drop me an email to sam.horowitz@ucsb.edu. #ucsbinfosec #tpsucinfosec

Share