Thanks to our friends at Kroll Fraud Solutions, we have some excellent 2008 tax season tips for avoiding identity theft:
The U.S. economy may not be the only beneficiary of the recently passed federal economic stimulus package – identity thieves are getting a boost, too. Why? In the wake of the recent IRS announcement that more than 130 million Americans will receive tax rebates this year, identity thieves are using the promise of extra cash to lure Americans into disclosing their sensitive personal information.
These “phishing” schemes can take a variety of forms, the most common of which involves an identity thief who calls or e-mails a consumer pretending to be an IRS employee. The consumer is promised a sizable rebate if they file their taxes early. All the caller needs in exchange is the consumer’s bank account number to deposit the check.
The bad news is that schemes like the one described above are common; the good news is that falling victim to one is avoidable – as long as consumers get smart on the facts and follow the proper precautions.
Below ID theft expert Brian Lapidus, chief operating officer of Kroll’s Fraud Solutions, offers some important advice that every consumer should know about protecting their personal information during tax season. At Kroll, Lapidus oversees a highly-skilled team that includes veteran licensed investigators who meet regularly with IRS agents to stay apprised of emergent tax fraud issues – bolstering the team’s specialized work supporting breach victims and restoring individuals’ compromised identities to pre-theft status.
Preparing your taxes?
Beware of phishing schemes. The IRS never contacts consumers by e-mail or phone to request sensitive personal information (SSN, checking account information, etc.). If you receive a phone call or e-mail that you suspect may be a “phishing” scam, file a complaint with the Anti-Phishing Working Group and contact the IRS immediately.
Avoid shopping mall kiosks or pop-up preparers who offer to assist you with tax preparation. Considering the amount of sensitive personal information involved in the tax preparation process, you probably don’t want to hand over your files to someone whose experience and background are unfamiliar to you. Ask a trusted friend to introduce you to his/her tax preparer or consult a local CPA association for trustworthy members.
Filing electronically?
Avoid using wireless networks. Use of wireless networks means your data is being transmitted over open airwaves, similar to a radio transmission. If not properly secured, data can easily be picked up by an uninvited party.
Don’t prepare your taxes on a public computer. Public computers can contain “keylogger” spyware, which records every keystroke including passwords and account information. Keyloggers make it possible for an identity thief to steal any information entered into the computer during your session. Preparing your taxes on a public computer also increases your vulnerability to “shoulder surfers” – individuals who look over your shoulder to observe what you are doing and, more importantly, collect the sensitive data you’re entering.
Only keep a record of your tax claims as long as necessary. Thieves can’t steal what you don’t have. Purge the data once the need for it has expired. Suggested guidelines for individual recordkeeping are available online through the IRS at: http://www.irs.gov/publications/p552/ar02.html#d0e617.
Filing by mail?
Don’t put your completed claim in an unlocked mailbox for pick-up. Instead, deposit outgoing mail at a post office.
Take it one step further and opt for delivery tracking. That way you can be certain that your information has gotten to the IRS safely.
Waiting for your tax rebate? Promptly remove mail from your mailbox after delivery. The longer your mail sits in an unsecured mailbox, the greater your chances of it falling into the wrong hands.
You may also choose to have the IRS deposit your tax rebate directly into your bank account, further minimizing the risk of theft.
The Better Business Bureau of Chicago and Northern Illinois has released its top 10 scam list for 2007. Even though this is a regional list, it fits nicely with what we’re seeing here at Fight Identity Theft:
1.Check Scams
Would-be victims receive a check in the mail, allegedly for winning a sweepstakes, lottery or promotion. The check supposedly covers taxes or other fees (see the text of the letter below). Here’s how the scam works:
You deposit the check in your bank.
You then pay the fees described in the letter via a money transfer.
Unfortunately there isn’t any prize money and your bank eventually will tell you that the check you deposited is a forgery.
You now owe the bank the money ($2,998.65 in the example below).
You try to track down the money you sent out via money transfer, which is just about impossible.
The scammers are now richer and you are poorer.
Here’s a sample of a check one of our readers received in the mail. The scammers will often place a reputable company on the forged check:
2.Advance Fee Lenders
These frequently will contact people by phone after they’ve filled out an online loan application or have found an advertisement in a local newspaper.
This is a similar scam to the check scam described above.
3. Online Employment Offers
Offers that look for "shipping" or "billing managers," "payment processors" or anything with a financial sounding name very frequently turn out to be fraudulent listings that are, in actuality, looking for victims to commit money laundering.
Other bogus online employment offers request money for travel, work visas, etc. Some scammers don’t ask for money, but instead ask for your personal info (name, DOB, SSN, address, mothers maiden name) in order to steal your identity or sell your info to someone that will.
Be extremely careful when dealing with online employment. Don’t send money to anyone. Use a company’s main number and then ask for your contact within the company vs. just dialing direct to the number you’ve been given in order to verify your contact really works at the company you’re interested in.
Every one loves a "Top 10" this time of year, so here is a great one from our friends at Kroll Fraud Solutions. It was put together by Brian Lapidus - Kroll Fraud Solution chief operating officer and identity theft expert.
Enjoy!
1. Beware the Word "Prevent"
No person and no product can prevent identity theft. As long as criminals can benefit from stealing, there will be theft. Sensitive personal information (SPI) is everywhere, housed and archived in a mind-boggling variety of ways. Individuals and companies can reduce access to SPI and improve safeguards around it by working to change how we share, collect, store and dispose of information.
2. There Are No Guarantees
This mantra holds true for a lot of things in life and dealing with identity theft is no exception. While a number of instances of fraud can be restored to pre-theft status, some identity dilemmas simply can’t be fixed. If you’re on the ‘no fly list’ thanks to an imposter or an error, you’ll stay there. A third-party solution cannot deliver a remedy.
3. Watch for "Shoulder Surfers" and "Skimmers"
Shield the entry of personal identification numbers (PINs), and be aware of people standing entirely too close by when using your credit or debit card in public. Especially with the advent of cell phone cameras, a sneaky, shoulder surfing thief can get your private information pretty easily, if you’re not careful. It’s also advisable to use teller machines that are familiar to you, so you are in a better position to identify when the equipment looks different or doesn’t “feel right.” Your increased awareness may reveal a skimmer’s attempt to steal PINs and banking details at that site.
4. Keep Your Social Security Card Safe at Home
Unless you’re on your way to fill out a job application, there are very few reasons to carry around the crown jewel of SPI. At lunch a few weeks ago, the woman beside me opened her wallet for a credit card and there was her Social Security card, too. Remember, ID theft and fraud are not exclusively credit-related – thieves can use a clean Social Security number to construct a whole new life.
Additional note from Dave: I regularly receive emails from Fight Identity Theft visitors explaining how they just had their purse or wallet stolen with their Social Security card inside. Remove that card today!
This has bounced around the internet the past few months, but I just had to share it.
In this clip, an eBay scammer appears on Judge Judy and is absolutely destroyed. Her scam was listing cell phones on Ebay, but instead of delivering an actual phone, she ships the buyer a photo of a cell phone.
How cute.
She tries to defend her scam by claiming that the buyer should have seen "photo only" in the fine print of the ad. Yeah, I’m sure that would work at a car dealership as well…
"I’m sorry sir, we can’t let drive the Mercedes home tonight. You actually only purchased the Mercedes S-600 brochure - not the car. We’re sorry, but that’s what the contract states if you look here at the bottom of page 15."
Fraud is fraud, whether it happens on eBay or at your local car dealership. Too bad the scammer got her comeuppance on a TV show instead of a real court. In any case, Judge Judy makes it pretty clear she’s going to do her best to sick the IRS and child protective services on the woman.
Charles Darrow patented Monopoly in 1935. Since then, millions of people have turned giddy when receiving the "Bank Error in Your Favor" card from Community Chest.
Unfortunately, bank errors are nothing but a hassle in real life - the only thing you collect is a headache and frustration. To help reduce the headache, here are 10 things that everyone should know about bank errors:
Be Patient
The problem will not be solved over night. Banks process many transactions every day and it may take a few days for them to track down and solve your problem.
Be Quick
Call in the error to the bank supervisor (there isn’t much that a teller can do) as soon as you discover it. The sooner the bank can start looking into it the better.
Keep Notes
Keep quality notes of who you talk to, when you talked to them, and what was said/promised. You may need to make several phone calls and it helps to be able to clearly state who you spoke with and what was said. You also may be required to provide documentation somewhere down the line of what you did. Good records will help make this as painless as possible.
Know the End Game
Ask for a date when the problem should be resolved. This will help keep the bank focused on solving your problem in a timely way.
Dodge Bounced Check Fees
If the mistake is an under deposit (you end up with less money than you thought), you should ask the bank to cover any fees that may occur because of the shortage of funds. The bank should cover fees to fix the problem and any others that occur because the correct amount of funds was not in the account
The BBC is reporting that 25 million Britains were exposed to the threat of identity theft when the HM Revenue & Customs (similar to the IRS in the U.S.) lost a CD containing personal data.
Ouch!
This has to be one of the worst data breaches ever, since the CD was not encrypted (just password protected) and the data included:
Name
Address
Date of birth
Bank account details
National insurance number
In case you’re not familiar with that last item, it’s similar to the Social Security Number here in the U.S. What else could a potential thief want?
The CD with the data was sent to another HMRC location by a lower level employee via regular mail instead of using an encrypted network connection or some other secure method. The CD never showed up at the other office and officials are now trying to determine if it was stolen or just lost.
“The data lost - bank account numbers, names and addresses - represents a gold mine for the thieves and is much more valuable to them than credit card numbers or taxpayer id numbers,” said Gartner analyst Avivah Litan.
“In fact, in the black market, bank account numbers sell for the highest price, or between $30 and $400 (£15 to £200), which is significantly more than the fifty cents to five dollars that criminals pay for credit cards.”
This disaster has already forced the resignation of HMRC’s chairman - Paul Gray. I’m guessing the employee involved was also “sacked,” as the Brits like to put it. Let’s hope so.
Recently, a new phishing e-mail has been circulating. The e-mail is the IRS asking for donations to help the victims of the California wildfires. The e-mail is a scam. The IRS is not and never will ask for donations, let alone send out an e-mail asking for financial and personal information.
The e-mail seems real enough. It provides links to an IRS website. The website asks for personal and financial information in order to obtain the donation. It seems like a good thing to do. However, do not enter any personal or financial information, the website is not the real IRS website. The information that is asked for is what the scammers use to steal identities, open new lines of credit and ruin peoples’ credit and lives. If that weren’t enough, the links and the e-mail are also thought to contain “malware and other malicious software.”
To protect yourself and help stop the phishing scam the IRS
“urged those who received the scam e-mail to help the IRS shut down the operation by forwarding it to phishing@irs.gov, using instructions found in “how to protect yourself from suspicious e-mails or phishing schemes” on the genuine IRS Web site, http://www.irs.gov.”
On a happier note, the IRS is doing their part to help the wildfire victims. They are extending payment and tax return filing deadlines for victims.
“As California taxpayers start the recovery process, the last thing they should worry about is meeting a tax deadline,” said IRS Acting Commissioner Linda Stiff. “The IRS offers many resources for disaster victims online at IRS.gov, over the phone and in person.”
If you would like to donate to the victims there are several ways in which you can. The LA Times wrote an article with several suggestions of how to help the wildfire victims.
Read the AP’s article for all the details of the e-mail scam.
Who would have thought that a big company like SuperValu would be susceptible to an e-mail scam and almost lose $10 million?! Well, it happened just a few months ago. In February they received e-mails supposedly from American Greetings Corp. and Frito-Lay indicating new bank accounts had been set up and payments should be wired to these new accounts.
Has anyone at SuperValu ever read about "phishing‘ or other email scams? I guess not…
Maybe you’re not ready to celebrate, but telemarketers all over the country are excited about the big day. Why, you may ask? Because your telephone number will automatically come off the Do Not Call list and back onto the desks of telemarketers. How can that be? Well, here’s a refresher course on how the Do Not Call Registry works:
After years of research, workshops, and meetings, as well as much consideration and input from over 64,000 people like you and me, the FTC and FCC came up the Do Not Call Registry. The registry was created to give you the right to opt out of annoying telemarketing calls. To sign up, you only have to call or fill out a form on to a website and submit your phone number. Telemarketers then have 31 days to remove your name from their call lists. Beautiful!
Who would have thought that befriending a frog could be dangerous? Well, it is, if that frog has access to things like your e-mail address, birth date, home address, work info or school info. You may say to yourself that you would never be so foolish, but what kind of info do you post on social network pages?
The security company Sophos did a study and to find out what kind of information people are sharing and how easy it is to get hold of it. So, they created “Freddi Staur” - a fake Facebook user - then sent out 200 friend invites.
“Of the 200 people contacted, 87 responded and agreed to be friends … 82% of them gave “Freddi” an open view of their profiles … 72% divulged at least one of their e-mail addresses, 84% gave up their date of birth, and 87% offered details about where they went to school and where they work.”
Having personal information on your profile isn’t the problem. The problem is who has access to the info because it could be used to steal your identity. While it may be cool to have lots of friends - even if it’s just a frog - you need to stop and think what kind of information you are giving them and how safe you really are.
If one study isn’t convincing enough, here is another. The BBC show Watchdog did a very similar study to Sophos study. They created a false identity and befriended people on facebook. Then they took their study one step further. They actually opened bank accounts and credit cards using the information of an individual that was provided on their profile! Social networks are not as safe as we would like to think. Read all the study details on the BBC web site.
Need another reason to be cautious of social networks? Here’s one, facebook employees can track what profiles you are looking at. Yep, not only can the look at anyone’s profile they can track the profiles that people look at. While it may weird you out, it also helps keep people safe. Check out the story and decide for yourself.
Netcraft, a provider of internet security services and research, is reporting that a recent batch of phishing web sites targeting Chase Bank and eBay were hosted by state-owned Chinese Construction Bank. This apparently is the first time a bank’s servers have been used to attack another bank.
The phishing emails were sent out in mid-March offering $20 for users to fill out a survey. As part of the survey, users were asked for their account username and password, credit card number, PIN, and security number as well as their SSN and mother’s maiden name. The phishing pages were hosted on an IP address assigned to China Construction Bank, Shanghai Branch.
It’s unclear if the attack was generated by the bank itself, by one of its employees, or by someone who had compromised the bank’s servers.
Fidelity Investments lost a laptop that had sensitive employee information for 196,000 current and former HP employees. The employes were told this week that they are at risk for identity theft and that they should take steps to protect themselves.
Here’s part of the email that went out to HP employees:
To shred or to tear: that is the question. Robert Cockerham of cockeyed.com decided to put the matter to a test. His test subject? A newly received Chase Mastercard pre-approved application.
Think only the uneducated can be caught in a criminal’s web? Hardly…
This is the sad story of “The Doctor” and “The General.” The doctor, in this case, is an internationally recognized psychiatrist, 89 year-old Dr. Louis A. Gottschalk. The general is a anonymous figure Dr. Gottschalk met in Nigeria known only as “The General.”
According to papers filed by his son, Dr. Gottschalk has been a ten year victim of a Nigerian Advanced Fee Scam, losing up to $3,000,000. Like the last victim we talked about, Dr. Gottschalk is also accused of destroying bank records in order to hide the crime. Understandably, his son is trying to wrest control of the family partnership before more money is lost to the criminals.
The U.S. economy may not be the only beneficiary of the recently passed federal economic stimulus package – identity thieves are getting a boost, too. Why? In the wake of the recent IRS announcement that more than 130 million Americans will receive tax rebates this year, identity thieves are using the promise of extra cash to lure Americans into disclosing their sensitive personal information. 
Loading ...
(5 votes, average: 4.2 out of 5)
Charles Darrow patented Monopoly in 1935. Since then, millions of people have turned giddy when receiving the "Bank Error in Your Favor" card from Community Chest.
Who would have thought that befriending a frog could be dangerous? Well, it is, if that frog has access to things like your e-mail address, birth date, home address, work info or school info. You may say to yourself that you would never be so foolish, but what kind of info do you post on social network pages?
