Tax Day: Identity Theft Begins Much Earlier Than April 15

Tax Day is on the horizon. This year it falls on April 17 because of the weekend and a Washington, D.C., holiday. That gives you two extra days to get your taxes completed, but it also gives cybercriminals two extra days to commit identity theft and other types of tax fraud.

During the weeks leading up to the filing deadline, taxpayers face an increasing number of scams and social engineering attacks that are leveraging tax time to bilk people of their credit card numbers, banking account information or other financial data. But these scams aren’t the only way cybercriminals are able to steal your money or your identity. In fact, IRS-related fraud is happening long before April rolls around.

Long Ago Data Breaches

“As there have been so many data breaches over the past several years, hackers can use your personal and financial information in many ways beyond simply making charges to your credit card or withdrawing funds from your bank accounts,” explained Nathan Wenzler, chief security strategist at AsTech. “Commonly, they will use this information to open new credit card accounts, take out loans or generate entirely new identities using your information in which they can apply for any number of financial services.”

So, while you may pride yourself for not falling for the IRS phone or email scams you’ve received this spring, the Equifax breach that many of us have already forgotten about—or any of the countless number of data breaches that occurred in 2017—may have already done serious damage.

How Stolen Data Circles Back to the IRS

Often these new accounts are tied back to your Social Security number, so that means the IRS and other government agencies are going to associate the accounts with you—even if you have no idea they were generated. That means your tax returns may be seen as incomplete, so the IRS thinks you are hiding financial information.

An even worse case scenario is that your tax returns have already been filed by a hacker and they have made a claim to your refund. This flags your actual tax filing as a possible fraudulent activity.

“The IRS has means to report and deal with these situations, but they’re seldom easy or simple,” said Wenzler. “That’s why it’s important to keep a good eye on any financial account or services that are reported to the credit bureaus as being associated to you and ensure that you won’t have any surprises waiting for you when you file your tax returns each year.”

Beyond the IRS

While some hackers will always attempt to hijack your tax return so they can profit from financial fraud, most hackers are more interested in stealing your personal information to create fake identities, according to Joseph Carson, chief security scientist at Thycotic. Whereas some hackers use this information for their personal gain, destroying your credit rating and reputation in the process, others sell your identity to others that could then be used for illegal immigration purposes, resulting in legal headaches for you.

Protecting Your Identity

Of course, you should continue to follow basic security practices including not clicking on links in email from unfamiliar sources, not providing personal information to anyone who calls you and remembering that the IRS doesn’t call or email you when there is a problem. But identity theft through data breaches happens throughout the year, not just at tax time.

Avoiding tax fraud due to identity theft begins the moment you think your data may have been compromised. That begins with finding out if the breached organization is offering credit or identity monitoring and take advantage of it. If they aren’t, ask what they are doing to protect your sensitive information now and in the future. You may want to look into services that monitor your personal information and not depend on someone else to offer it. Many insurance companies are now offering identity theft protection, as well. While that may not alert you that your information is being used fraudulently, it will give you a level of protection as you sort through the legal hassles.

Next year, while it is an inconvenience for many, consider filing as early as possible to avoid someone else filing for you; cybercriminals jump on early filing because they aren’t worried about the deductions and receipts. They’ll use whatever information they find on the Dark Web and let you deal with the consequences. And if you don’t have to pay taxes, file anyway.

“If you do not file your taxes,” said Carson, “it is more likely that cybercriminals will do it for you.”

Featured eBook
The Complete Guide on Open Source Security

The Complete Guide on Open Source Security

This joint report by Microsoft and WhiteSource discusses the difference in finding & fixing vulnerabilities in open source components opposed to proprietary code, how to grasp the unique challenges of open source security and how to tackle them, as well as how to master the best practices of managing your open source security risks. This ... Read More
WhiteSource
Sue Poremba

Sue Poremba

Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.

sue-poremba has 21 posts and counting.See all posts by sue-poremba