Guest post by Brian Lapidus of Kroll Fraud Solutions
1. Obtain a list of all authorized e-file providers registered with the IRS. This year marks the 21st season of electronic filing with nearly 1 billion returns processed. All taxpayers that count themselves part of the latest trend should ensure they are using a credible provider.
2. Beware of phishing schemes. To avoid this annual threat, taxpayers must remember one simple fact: the IRS never contacts taxpayers by e-mail or phone to request sensitive personal information. If you suspect that you are the target of a phishing scam, file a complaint with the Anti-Phishing Working Group and contact the IRS immediately. This is particularly important as the IRS rolls out new electronic taxpayer resources, including the IRS2Go smartphone app, which allows the user to check the status of their tax return and receive tax tips. Similar tips are posted on the IRS’ Twitter page, as well. Keep in mind that all IRS communications are one-way. The IRS will never ask you to submit personal information through these channels.
3. Never prepare or submit tax returns on public computers, which can contain malicious software such as “keylogger” spyware used to record every keystroke. Using a public computer also increases vulnerability to “shoulder surfers” – individuals who look over your shoulder to observe and collect sensitive data. In one particular case, Kroll’s investigators helped a victim who had used a public computer to access his tax claim on an e-file provider’s website. After the fact, the victim discovered that a hacker had lifted his password from the public computer and inappropriately accessed his account. Making matters worse, the victim informed investigators that he used the same password for multiple accounts (another bad practice), which gave the hacker access to his e-mail and financial accounts, as well.
4. Avoid sending data over a public wireless network. If not properly secured, data can easily be picked up by an unauthorized party. Don’t confuse network access with network security. The need for a password to log on to a network does not mean the network is secure. The Federal Trade Commission offers this tip about Wi-Fi hotspots: “When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted.” Keep in mind that a site may only be encrypted at the login page and not the other pages.
5. Keep a record of your tax returns only as long as necessary. After all, thieves can’t steal what you don’t have. Whenever possible, safely discard any electronic records or paperwork once the need for them has expired. For paper records, be sure they are shredded before they are thrown out – a crosscut shredder is best. For electronic records, ensure that anything you absolutely must keep cannot be shared through a peer-to-peer network, and never discard or sell an old computer containing sensitive information unless the hard drive has been effectively wiped (simply deleting files won’t do the trick). As to how long to keep your records, suggested guidelines are available through the IRS.
The IRS and its Office of Identity Protection are well aware of the identity theft risks facing taxpayers today. As a result, they have stepped up efforts to process these returns safely and efficiently. Specific details should be released in the near future. Until then, the IRS is keeping these measures behind closed doors and away from potential fraudsters.
—
Brian Lapidus has unique frontline experience helping a wide variety of corporations and organizations safeguard against and respond to data breaches. With an extensive background in organizational development, today he sets direction for the company’s continued success in identity theft discovery, investigation, and restoration. Lapidus is particularly knowledgeable about the many security gaps – physical, procedural, and electronic – common to many U.S. companies and organizations, as well as the criminal landscape where stolen identities are bought, sold, and used. He oversees a highly-skilled team that includes veteran licensed investigators who specialize in supporting breach victims and restoring individuals’ identities to pre-theft status.
He also is working with consumer organizations to help ensure responsible practices among businesses that provide identity theft-related services. Lapidus has a bachelor’s degree from Washington University with a concentration in psychology and business and an MBA from Vanderbilt with a concentration in strategy and general management.
Kelly,
Re: old computers and their hard drives – Here in Grand Rapids there is a recycle shop that I bring my hard drives to. For a nominal fee, they physically shred the drives as I watch. They are turned into small pieces of metal. One can never be too careful.