How Worried Should We Really Be About Tax Identity Theft?


If you’re of the opinion, “Oh, that won’t happen to me…” I hope we can get you to rethink that before it’s too late.

In February of this year, the IRS reported a 400% increase in malware and phishing tax fraud schemes. That means tax identity thieves are proving diabolical, getting you to pay them money directly for fake taxes owed or to freely give them your personal identity information so they can steal tax refunds in your name. Either way they are stealing billions.

The top tax identity theft schemes

A tax-related phishing scheme is when you receive a phone call, an email or even a text from someone pretending to be the IRS. They “fish” for your information, hence the term, “phishing.” They may ask you to update your personal information so that you can receive your tax refund, or demand that you owe taxes and must pay immediately.

Malware is a factor when you click on a link in a fake text or an email and are connected to a fake website that mimics the IRS and asks you to fill in your personal identity information. Your interaction with the website allows the scammers to deposit malware on your computer, which they can later use to steal more of your information.

“All thieves need to file a fraudulent tax return and receive a fraudulent tax refund is a Social Security number and a name. If they can get you to give it to them by phishing, all the better for them,” says Neal O’Farrell, founder of the Identity Theft Council and Credit Sesame’s former security and identity theft expert.

If a thief uses your social security number to claim a fraudulent tax refund early in the tax season, the IRS will reject the legitimate tax return that you file later, because the computer will flag it as having already been filed.

An inability to e-file for this reason is the biggest tip-off to this kind of tax identity fraud. That’s why the best prevention against fraudulent tax refunds claimed in your name is to file as early as possible.

When it comes to phishing demands for tax payment, this January, the Treasury Inspector General for Tax Administration (TIGTA) announced they received reports of approximately 896,000 phone scam contacts in the past three years and over reports from over 5,000 victims who have collectively paid more than $26.5 million to scammers.

How do thieves get your Social Security number?

O’Farrell says you have control over some points of access to your personal information (you can prevent phishing), but not all (you can’t prevent data breaches).

“In March 2015 alone, the Social Security numbers for one in every two adults in America were exposed in just two medical breaches: Anthem which exposed 80 million identities, and Premera, which exposed 11 million more identities,” says O’Farrell.

Thieves now target medical data because it gives them all of your information, including your Social Security number, at once. Thieves sometimes combine information gathered from several different sources. They might get your social and name from one source, your addresses and birthdate from another and your financial accounts from another.

According to O’Farrell, the more pieces of information hackers have, the more they are able to defeat the most commonly used identification security system called Knowledge Based Authentication, which relies on personal information from your past and current addresses, accounts, cars and jobs.

“Social Security numbers are identity theft gold because this bit of information never dies,” says O’Farrell. “You can’t change your social security number. Thieves can use it this year, next year, in five years or in 20 years.”

Another way thieves get your Social Security number and other personal and financial information is through good, old-fashioned burglary.

“Nowadays, thieves don’t want to lug your 60” TV around town trying to sell it. They are looking for a quick piece of paper with your social security, name, birthdate and financial account information which they can use to steal so much more from you,” says O’Farrell who advises consumers to shred monthly bills and keep personal identity documents in a safe or hidden.

Another version of hard theft occurs when employees or accomplices steal physical files from an office.

In fact, the description of some of the largest tax identity theft crimes prosecuted by the IRS in 2015 paints a vivid picture:

  • During the execution of a search warrant at the residence of a couple who filed false tax returns claiming approximately $3 million in refunds, law enforcement officers recovered lists and medical records containing the personal identifying information of more than 7,000 victims.
  • In a large-scale identity theft ring that filed more than 9,000 false individual federal income tax returns claiming over $24 million in fake tax refunds, the stolen identities came from the U.S. Army, several Alabama state agencies, a Georgia call center and employee records from a Georgia company.
  • In a conspiracy to commit tax fraud, one thief was employed at a regional hospital and used the personal identity information from five patients to file bogus federal income tax returns. The identities of 531 sixteen-year-olds were also used to file for fraudulent federal income tax returns in this same case.
  • A group of thieves filed more than 1,000 fake tax returns claiming more than $5.3 million in refunds using the stolen identities of approximately 991 people, many of whom were later discovered to be deceased at the time of filing.

O’Farrell says the IRS is trying to catch thieves and fraudulent returns but just doesn’t have the budget or the bandwidth and thieves know that. For example, the IRS has just suspended its online Identity Protection Personal Identification Number (IP PIN) tool for retrieving lost or forgotten numbers because it is “looking at strengthening its security features,” according to the IRS website.

How to identify legitimate IRS communication

O’Farrell says an important part of protecting yourself from tax identify fraud is to know how the agency will legitimately contact you and what they may request.

According to a recent IRS press release, the IRS will never call you to demand payment over the phone, although the agency may call you after having first mailed you several notices. And, you will always have the opportunity to question or appeal the amount you owe as the IRS will never threaten with law enforcement or arrest if you don’t pay immediately.

The IRS will also never email you or text you and will never ask you to verify your identity by asking for personal or financial information that way. They will never require you to use a specific method of payment, such as a prepaid debit card or ask for a debit or credit card over the phone or email.

Why do we fall for this phishing tax fraud to the tune of billions per year? “Misplaced trust and well-earned fear,” says O’Farrell. “People trust email and are afraid of the IRS.”

Falling for fraud and ignoring tax problems is a sure path to harming your credit indefinitely as unpaid tax liens, fraudulent or not, will show up on a credit report and do some damage, at least temporarily.

This post was published on behalf of Credit Sesame.