In the time that it took most of you to read that headline, fraudsters will have stolen nearly $10,000 from victims of identity theft. According to a recent report from research firm Javelin Strategy & Research, identity thieves have stolen $112 billion over the past six years. That works out to an astounding $35,600 (according to Javelin Strategy & Research) stolen every minute.
With those numbers, it’s no wonder that stories about identity theft are dominating the headlines. Yet, despite a heightened awareness about identity theft, consumers saw the number of identity fraud victims in the U.S. increase by 3% or 13.1 million consumers in 2015: that’s the second-highest level in six years.
Even as federal agencies and law enforcement attempt to tackle the problem, identity thieves seem to be one step ahead. “Fraud is evolving at a frantic pace although the amount of fraud has been relatively flat over the past four years. This just shows that when the industry cracks down on one type of fraud, criminals quickly shift their attack vector and area of operation,” said Al Pascual, Director of Fraud & Security at Javelin.
So, what is the latest trend? New account fraud. With existing account fraud taking a dip, largely due to increased monitoring, new account fraud has exploded, according to Pascual. Last year, new account fraud increased by 113% and now accounts for 20% of all fraud losses.
Unlike existing account fraud, where thieves use account numbers to access your existing bank accounts and credit cards, new account fraud happens when thieves use your personally identifying information, like your Social Security Number (SSN), to open new credit card accounts or apply for mortgages or lines of credit.
New account fraud is more expensive for consumers. According to Pascual, the average out-of-pocket cost to consumers to resolve existing account fraud is $30, compared to $250 for new account fraud. It’s also harder to detect than existing account fraud because you likely won’t get a call from a bank or credit card company when new charges appear because you may not even know about the new account for some time.
Thieves love the potential delay in reporting: it helps them stay ahead of the game. They can steal and get out, in some cases, before the consumer is even aware that it happened. What else makes it appealing? The wealth of personal information now available. One area of focus: those high profile Social Security Number (SSN) breaches. The
medical data breach at Anthem affected potentially 80 million Anthem customers, including accounts associated with Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. Two breaches at the Office of Personnel Management affected nearly 26 million Americans. The attack on UCLA health systems resulted in the compromise of potentially 4.5 million patients and providers.
And the beat goes on. Data hacks, security breaches, and outright theft mean that the Personally Identifiable Information (PII) for millions of taxpayers is potentially available to identity thieves. That information can be used immediately to defraud consumers – or it can be packaged and sold on the black market. PII is definitely a hot commodity.
PII can not only be used to open new accounts, it can be used to access your tax data and potentially steal your tax refund. In 2015, Internal Revenue Service (IRS) reported that identity thieves illegally accessed tax information for hundreds of thousands of taxpayers using the “Get Transcript” tool on the IRS website. This year, the IRS advised that it was able to stop an attack on its Electronic Filing Personal Identity Numbers (e-filing PIN) application: unauthorized attempts made involving approximately 464,000 unique SSNs. In these cases, it has been suggested that the attacks were initiated using out-of-wallet information from a third-party tied to stolen SSNs. The results of those prior hacks tend to be most obvious at tax season when thieves are trying to reap the benefits of those stolen SSNs.
So What Can You Do to Protect Yourself During Tax Season?
- Don’t make it easy for thieves to get your Social Security Number (SSN): Pascual says, as a first step, that you should jealously guard your SSN.
- Avoid phishing emails and scams: Phishing often comes in the form of an unsolicited email or a fake website that poses as a legitimate site (like those pretending to be IRS) in order to get you to disclose your personal or financial information. Don’t follow any links from these e-mails to any websites where you might be asked for your personal information. Verify that you’re on a legitimate site before sharing your data; if you must access a particular site, log out from any links that you’re not sure about and navigate directly to the site instead. And remember: the IRS will not initiate contact with you by email (or phone) to discuss your account.
- Take data breach notifications seriously: According to Javelin, 64% more Social Security Numbers were exposed this year and there was a 110% increase in data on medical records made available to fraudsters. If you receive a notice from your bank, or the IRS advising you that your data may be at risk, pay attention. If you are advised that your personal information may be at risk, find out what specific, if any, information is at risk. Following up with credit monitoring might also be appropriate (As a side note: By law, you’re entitled to one free copy of your credit report each year from each of the major credit bureaus Equifax, Experian, and TransUnion: that’s a total of three reports every year [you may be entitled to additional copies if you’re the victim of identity theft]. To claim your free copy, visit Annual CreditReport.com or call (877) 322-8228. Review your credit report like you do your credit card or banking statements: check to make sure that the transactions and credit requests are those that you’ve approved.).
- File early and plan ahead: If you’re concerned about the status of your refund, try beating the bad guys to the punch by filing early and planning ahead. The IRS and various states will be using new technology and screens this year to try to identify bogus returns: that could mean that your refund might take a little longer. If you’re counting on your check, file early to account for any glitches or delays. Additionally, some apps, like the “Get Transcript” tool have been affected by attacks on taxpayer data. This year, for example, taxpayers may request a copy of a transcript online but the results of the request will be mailed to the taxpayer which can take several weeks.
- Keep an eye on your bank and credit card statements. You don’t have to be obsessive but do check your accounts from time to time to make sure that the recorded transactions are actually yours. Investigate and immediately report any suspicious activity.
- Understand that public wi-fi access really does mean public: When you’re sitting in Starbucks or your local library (whether for business or pleasure), be careful. Why? Because your data may be vulnerable to interception. Don’t connect to an unknown wi-fi connection (make sure that it’s legitimate). If you have an alternative connection available like using cellular data, consider using that instead. If you must connect using public wi-fi, use a VPN (Virtual Private Network). And save the really sensitive data – like online banking – for later. It really is best to avoid websites that could expose your passwords or financial information to potential cyberthieves on public connections.
- Take care with private documents: With so much emphasis on internet security, it’s easy to forget to safeguard paper documents. Don’t be careless with credit card statements, bank receipts and copies of tax returns. File the copies you need and shred the ones that you don’t.
- Keep your mailing address current: We are an increasingly mobile society. It’s rare that you’ll retire in the home that you start out in. Chances are, you’ll switch addresses more than once. When you do move, make sure that you contact your financial institutions, credit reporting agencies and tax authorities so that your mail doesn’t end up in the wrong hands. To easily change your address with IRS file a Federal form 8822 – Change of Address (downloads as a pdf). Allow plenty of time for processing. You should also file a change of address with the US Postal Service; you can make the change online here.
So, what do you think about the IRS and Identity Fraud?
Do you think that the IRS is doing enough to protect taxpayers’ personal information?
Bruce – Your Host at The Tax Nook
Our Firm’s Website: SolidTaxSolutions.com (or just click on the icon on right sidebar of this page).
Other Social Media Outlets: Facebook.com/SolidTaxSolutions (or just click on the icon on right sidebar of this page).
Twitter: Twitter.com/@SolidTax1040 (BTW, We Follow-Back).