We want to share with you some proactive steps and resources to help in your defense against tax-related identity theft.
Suggestions to protect you and your family from identity theft
Secure private personal information. Safeguard family names and birthdates, account numbers, passwords and Social Security numbers. Carefully consider all requests to provide your Social Security number before giving it out and don’t hesitate to ask why your private information is being requested. Secure your Social Security card in a safe or safety deposit box and never in your purse or wallet. Proactively shred all documents that contain personal data before disposing of them, even solicitations and “junk” mail that may unknowingly contain account numbers and personal information.
Monitor personal information shared on social media. Cybercriminals methodically gather data from online sources, including commonly used identifiers such as birthdate, maiden name, pet name, hometown, significant other and/or children’s information. Be cautious who you communicate with online and be selective before accepting electronic invitations from people you do not know or recognize. Separate what you post publicly from what you post with your personal contacts. Do not post personal and family data and set your account to private so it is not freely accessible to the public.
Secure your computer. Use current versions of antivirus, malware protection and firewalls and update these programs frequently. Consider having your software updated automatically, as well as using different computers for business and finances than you do for social media and personal matters. Use strong passwords, change them frequently and do not share them with others. Review IRS Publication 4524, Security Awareness for Taxpayers, for additional tips.
Beware of impersonators. Criminals utilize sophisticated computer technology, such as dialers and automated questions, to contact thousands of targets daily. Do not provide personal information to callers you do not know. If any caller requests that you verify personal information, be extremely cautious and ask for further confirmation of their identity, such as their telephone number, website, email address, supervisor’s name and mailing address. The IRS never initiates contact by telephone.
Beware of unsolicited emails and current phishing scams. Don’t open attachments or electronic links unless you know the sender. Internet sites should have a lock symbol to show the site is encrypted. Always beware of entering sensitive data. Forward emails received from IRS impersonators to phishing@irs.gov. The IRS never initiates contact by email, text message or social media channels. For more guidance on phishing scams, go to irs.gov/privacy-disclosure/report-phishing.
Monitor your personal information. Review your bank and credit card statements often. Immediately investigate any unusual activity.
Consider electronic transmission of financial information. No sensitive tax or personal information should be sent via unsecured email, even information being transmitted to CPAs, bankers or other financial advisors. A secure portal, encrypted email or physical mailing of sensitive information is necessary.
Order your free annual credit report. Call (877) 322-8228 or go to annualcreditreport.com to request your report and/or search for creditors you do not know. Choose to use only the last four digits of your Social Security number on your report. Consider placing a credit card freeze on your account so only creditors you approve can access your file.
What to do if you become a victim of tax-related identity theft
You may learn that your identity has been compromised by receiving a letter in the mail from the IRS, or when your personal income tax return is electronically submitted and subsequently rejected. If you receive a notice indicating identity theft, contact your CPA immediately so that appropriate steps can be taken to resolve the matter.
Other ways you may discover your identity has been stolen include:
- Finding purchases on your credit card that you did not make
- Discovering withdrawals from an account that you did not make
- Seeing that your address has been changed for certain accounts or you are no longer receiving your regular bills. (Cyber criminals may change your address when filing a return.)
- A letter or email from a business you are associated with (such as your cell phone provider) letting you know that they have been subject to a computer hack
The unfortunate reality is that personal data is already at risk everywhere, but you can take steps to reduce the likelihood of you being victimized by cyber criminals.
Please see the attached copy of the AICPA & CIMA Identity Theft Checklist which outlines action steps you and your organization may take to combat identify theft.
If you have any questions, please contact us.
The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting or tax advice. This communication may not be applicable to your specific circumstances and may require consideration of non-tax and other tax factors if any action is to be contemplated. Please contact your tax professional prior to taking any action based on this information. Accuity LLP assumes no obligation to the reader of any changes in tax laws or other factors that could affect the information contained herein.