Fight Identity Theft Blog

Thanks to our friends at Kroll Fraud Solutions, we have some excellent 2008 tax season tips for avoiding identity theft:

The U.S. economy may not be the only beneficiary of the recently passed federal economic stimulus package – identity thieves are getting a boost, too. Why? In the wake of the recent IRS announcement that more than 130 million Americans will receive tax rebates this year, identity thieves are using the promise of extra cash to lure Americans into disclosing their sensitive personal information.

These “phishing” schemes can take a variety of forms, the most common of which involves an identity thief who calls or e-mails a consumer pretending to be an IRS employee. The consumer is promised a sizable rebate if they file their taxes early. All the caller needs in exchange is the consumer’s bank account number to deposit the check.

The bad news is that schemes like the one described above are common; the good news is that falling victim to one is avoidable – as long as consumers get smart on the facts and follow the proper precautions.

Below ID theft expert Brian Lapidus, chief operating officer of Kroll’s Fraud Solutions, offers some important advice that every consumer should know about protecting their personal information during tax season. At Kroll, Lapidus oversees a highly-skilled team that includes veteran licensed investigators who meet regularly with IRS agents to stay apprised of emergent tax fraud issues – bolstering the team’s specialized work supporting breach victims and restoring individuals' compromised identities to pre-theft status.

Preparing your taxes?

• Beware of phishing schemes. The IRS never contacts consumers by e-mail or phone to request sensitive personal information (SSN, checking account information, etc.). If you receive a phone call or e-mail that you suspect may be a “phishing” scam, file a complaint with the Anti-Phishing Working Group and contact the IRS immediately.
• Avoid shopping mall kiosks or pop-up preparers who offer to assist you with tax preparation. Considering the amount of sensitive personal information involved in the tax preparation process, you probably don’t want to hand over your files to someone whose experience and background are unfamiliar to you. Ask a trusted friend to introduce you to his/her tax preparer or consult a local CPA association for trustworthy members.

Filing electronically?

• Avoid using wireless networks. Use of wireless networks means your data is being transmitted over open airwaves, similar to a radio transmission. If not properly secured, data can easily be picked up by an uninvited party.
• Don't prepare your taxes on a public computer. Public computers can contain “keylogger” spyware, which records every keystroke including passwords and account information. Keyloggers make it possible for an identity thief to steal any information entered into the computer during your session. Preparing your taxes on a public computer also increases your vulnerability to “shoulder surfers” – individuals who look over your shoulder to observe what you are doing and, more importantly, collect the sensitive data you’re entering.
• Only keep a record of your tax claims as long as necessary. Thieves can't steal what you don't have. Purge the data once the need for it has expired. Suggested guidelines for individual recordkeeping are available online through the IRS at: http://www.irs.gov/publications/p552/ar02.html#d0e617.

Filing by mail?

• Don't put your completed claim in an unlocked mailbox for pick-up. Instead, deposit outgoing mail at a post office.
• Take it one step further and opt for delivery tracking. That way you can be certain that your information has gotten to the IRS safely.
• Waiting for your tax rebate? Promptly remove mail from your mailbox after delivery. The longer your mail sits in an unsecured mailbox, the greater your chances of it falling into the wrong hands.
• You may also choose to have the IRS deposit your tax rebate directly into your bank account, further minimizing the risk of theft.

Every one loves a "Top 10" this time of year, so here is a great one from our friends at Kroll Fraud Solutions. It was put together by Brian Lapidus - Kroll Fraud Solution chief operating officer and identity theft expert.

Enjoy!

1. Beware the Word "Prevent"

No person and no product can prevent identity theft. As long as criminals can benefit from stealing, there will be theft. Sensitive personal information (SPI) is everywhere, housed and archived in a mind-boggling variety of ways. Individuals and companies can reduce access to SPI and improve safeguards around it by working to change how we share, collect, store and dispose of information.

2. There Are No Guarantees

This mantra holds true for a lot of things in life and dealing with identity theft is no exception. While a number of instances of fraud can be restored to pre-theft status, some identity dilemmas simply can’t be fixed. If you’re on the ‘no fly list’ thanks to an imposter or an error, you’ll stay there. A third-party solution cannot deliver a remedy.

3. Watch for "Shoulder Surfers" and "Skimmers"

Shield the entry of personal identification numbers (PINs), and be aware of people standing entirely too close by when using your credit or debit card in public. Especially with the advent of cell phone cameras, a sneaky, shoulder surfing thief can get your private information pretty easily, if you’re not careful. It’s also advisable to use teller machines that are familiar to you, so you are in a better position to identify when the equipment looks different or doesn’t “feel right.” Your increased awareness may reveal a skimmer’s attempt to steal PINs and banking details at that site.

4. Keep Your Social Security Card Safe at Home

Unless you’re on your way to fill out a job application, there are very few reasons to carry around the crown jewel of SPI. At lunch a few weeks ago, the woman beside me opened her wallet for a credit card and there was her Social Security card, too. Remember, ID theft and fraud are not exclusively credit-related – thieves can use a clean Social Security number to construct a whole new life.

Additional note from Dave: I regularly receive emails from Fight Identity Theft visitors explaining how they just had their purse or wallet stolen with their Social Security card inside. Remove that card today!

5. Destroy Before You Dump That Old Computer

Erasing data just enables the computer to write over that space again; it doesn’t actually eliminate the original bits and bytes. Physically remove the hard-drive to ensure you’re not tossing out or passing along your personal details. Our company is often called upon to recover data from an erased or damaged drive; we’re very good at it – and so are some professional thieves.

Additional note from Dave: You could also consider using a software tool like Eraser to do a complete wipe of your drive. If you physically remove your drive, smash the drive with a hammer (find someone strong) before throwing it in the trash.

6. Choose "Forget Me’ Instead of  "Remember Me"

  How many Web sites do you frequent that invite you to enable an automatic log on the next time you visit? Don’t check that box! When convenience trumps confidentiality, you’re asking for trouble. The harder you make it for hackers to follow your trail into an online store or bank account, the better.

Additional note from Dave: This is absolutely necessary when using public computers. In fact, you should avoid accessing any secure sites from a public computer (like a library, internet cafe) or when using a public wireless network or wifi hotspot.

7. Don’t Rely On Fraud Alerts Or Credit Freezes Alone

Fraud alerts are meant to stop an identity thief from opening new accounts in your name. Credit freezes let you restrict access to your credit report, which would also make it hard for someone else to open new accounts. But, neither one will stop a thief from trading your SPI for cash, or using it for tax fraud or in any of the countless other ways fraudsters exploit stolen identities.

8. Practice Prudent Posting

Social networking sites on the internet enable individuals around the world to chat, share photos, recruit employees, date, post resumes, auction property, and more. Because the Web makes it possible for any posted document to link with another, any data you put out online have the potential to stay there for what amounts to electronic eternity.

Additional note from Dave: I suggest creating usernames or an email address that don't contain your name or anything traceable to you, whenever possible. You also might consider using different usernames on different sites. This makes sense because if someone is able to determine that you use "CatLuvr55" on one site, it's an easy search to track down  "CatLuvr55" on any other sites where you have a profile.

9. Keep That Key

When you check out of a hotel where you were issued a card-key to unlock the door to your room, don’t leave the card-key behind. Hold on to it until you’re safely home and can shred or otherwise discard it safely. Some say it’s an urban myth that the card-keys hold vital details like credit card numbers, while others report having tested and confirmed the presence of private data coded into the magnetic strip. Even if there’s no definitive answer, why risk it?

Additional note from Dave: Not sure I'm convinced on this one. I'd need to see more data showing that it is a problem. Snopes.com debunks this pretty thoroughly.

10. What’s In Your Wallet?

Make photocopies of the personal material in your wallet: Driver’s license, credit cards, insurance cards, all of it – front and back. Should your wallet be lost or stolen, you won’t be left wondering what was actually taken, and you’ll be able to quickly notify the appropriate agencies about what has taken place.

Charles Darrow patented Monopoly in 1935. Since then, millions of people have turned giddy when receiving the "Bank Error in Your Favor" card from Community Chest.

Unfortunately, bank errors are nothing but a hassle in real life - the only thing you collect is a headache and frustration. To help reduce the headache, here are 10 things that everyone should know about bank errors:

Be Patient
The problem will not be solved over night. Banks process many transactions every day and it may take a few days for them to track down and solve your problem.

Be Quick
Call in the error to the bank supervisor (there isn't much that a teller can do) as soon as you discover it. The sooner the bank can start looking into it the better.

Keep Notes
Keep quality notes of who you talk to, when you talked to them, and what was said/promised. You may need to make several phone calls and it helps to be able to clearly state who you spoke with and what was said. You also may be required to provide documentation somewhere down the line of what you did. Good records will help make this as painless as possible.

Know the End Game
Ask for a date when the problem should be resolved. This will help keep the bank focused on solving your problem in a timely way.

Dodge Bounced Check Fees
If the mistake is an under deposit (you end up with less money than you thought), you should ask the bank to cover any fees that may occur because of the shortage of funds. The bank should cover fees to fix the problem and any others that occur because the correct amount of funds was not in the account

Don't Spend the Bank's Money
If there is an over deposit, don't spend the money. It might be tempting if the bank accidently deposits an extra $10,000 in your account. Unfortunately the money isn't yours and you shouldn't assume that the bank is going to let you keep it. If you do spend it you are just going to have to give it back - possibly with penalties or jail time if you can't return the money in a timely fashion.

Don't Move the Bank's Money
Don't be tempted to move the money to your brokerage account so you can make some nice interest or buy one of your favorite stocks. Leave the money in the account so the bank can figure out how it got there. Don't take the money out of the account so you don't spend it. The bank needs it there to track where it came from. Also, the money needs to be in your account when the bank figures out where it goes and decides to move it out of your account.

Stop Dreaming
The bank's not going to let you keep the money. Yes, the bank makes errors, but they are not going to let you keep somebody else's money because they made an error. Get over it. Stop dreaming about that Hawaiian vacation or a mall spending spree. It's not your money.

Complain or Switch
Some people seem to have bad luck when it comes to bank errors. I've been lucky and have had very few, but if you're having to deal with a lot of errors you should complain. Call customer support and ask to speak with a supervisor. Let them know how much of a hassle these errors have been. Have a reward in mind for how they can keep you as a customer. If you have a credit card, ask them to lower the interest rate. If you're paying monthly bank fees for your account, ask them to wave them.

If they're unwilling to do anything for you it's probably time to move to a new bank.

Act Fast on ATM Issues
You only have 60 days to report an ATM transaction error. So, if the ATM records show that you took out more money than you actually did or vice versa, you must report it promptly or you are out of luck.

A bank error is not the joyous occasion that Monopoly suggests. It's more like a "Go Directly to Faceless Corporate Bank Hell" card. Follow these ten steps, however, and you'll survive mostly unscathed.

One more thing...

We've noticed on a different blog post - British Lottery Scam - that people are tempted to take a bad check and deposit it, hoping that the bank will become confused and give them the money. Here's how one poster puts it:

I received the lottery scam in the mail. There is a check enclosed that is to be cashed and sent back to pay the British taxes. What would happen if I cashed the check and kept the cash? Would the scammers loose the money?

Ummm... no. Checks like these are forgeries. The scammers don't loose money. You just create a problem for yourself by depositing a bad check, temporarily inflating your bank account, and then suddenly having it removed once the bank figures out it's fraudulent.

Does that sounds fun?

To learn more about bank errors, visit the always excellent bankrate.com.

Recently, a new phishing e-mail has been circulating. The e-mail is the IRS asking for donations to help the victims of the California wildfires. The e-mail is a scam. The IRS is not and never will ask for donations, let alone send out an e-mail asking for financial and personal information.

The e-mail seems real enough. It provides links to an IRS website. The website asks for personal and financial information in order to obtain the donation. It seems like a good thing to do. However, do not enter any personal or financial information, the website is not the real IRS website. The information that is asked for is what the scammers use to steal identities, open new lines of credit and ruin peoples’ credit and lives. If that weren't enough, the links and the e-mail are also thought to contain “malware and other malicious software.”

To protect yourself and help stop the phishing scam the IRS

“urged those who received the scam e-mail to help the IRS shut down the operation by forwarding it to phishing@irs.gov, using instructions found in "how to protect yourself from suspicious e-mails or phishing schemes" on the genuine IRS Web site, http://www.irs.gov.”

On a happier note, the IRS is doing their part to help the wildfire victims. They are extending payment and tax return filing deadlines for victims.

“As California taxpayers start the recovery process, the last thing they should worry about is meeting a tax deadline,” said IRS Acting Commissioner Linda Stiff. “The IRS offers many resources for disaster victims online at IRS.gov, over the phone and in person.”

If you would like to donate to the victims there are several ways in which you can. The LA Times wrote an article with several suggestions of how to help the wildfire victims.

Read the AP's article for all the details of the e-mail scam.