Few things cause more concern than a letter in the mail from the Internal Revenue Service (IRS). Though the agency sends out letters or notices for many reasons, identity theft is one of the fastest-growing issues for the IRS. In short, identity thieves have been capturing Social Security numbers and other tax filing data file fraudulent returns for the purpose of stealing tax refunds.
This has been a watershed year for such activity. Just this past tax season, TurboTax, the leading tax preparation software company, had to stop transmitting state tax returns and introduce new safeguards after a run of suspicious returns. In March, the U.S. Treasury Department reported slightly over 2.9 million incidents of tax-related identity theft in 2013, up from 1.8 million in 2012. As to dollar loss, in January, a General Accounting Office (GAO) report said the IRS had prevented an estimated $24.2 billion in fraudulent identity theft tax refunds in 2013, but actually paid $5.8 billion in refunds later determined to be fraudulent.
These events are in addition to ongoing phishing scams – fraudulent emails sent on behalf of the IRS asking for Social Security numbers and other account information – which continue to target taxpayers and the agency. Such acts are particularly tough on taxpayers who are not particularly tech- or security-savvy.
Tax identity theft is really no different than any other form of identity theft in terms of damage done. Thieves illegally obtain your Social Security number and go to work on your finances and reputation. The damage will probably turn up on your credit report in the form of new (and likely unpaid) credit or loan accounts you don’t recognize or credit inquiries from employers or agencies you’ve never contacted. The problem may take months or years to straighten out.
However, the recent wave of tax-related identity theft is troubling because taxpayers not watching their credit data very closely might have a delayed awareness of the crime. To begin, many taxpayers find out they’ve been hacked only from a physical letter from the U.S. Postal Service arrives – the IRS never sends taxpayer-specific correspondence via email – saying that more than one return has been filed in the taxpayer’s name. That could mean a significant amount of time has passed between the hack and the taxpayer hearing about the problem. Electronic filers might find out sooner because their return might bounce if a fraudulent one was successfully filed earlier.
Recent reports quote the IRS as saying it tries to settle such cases within 4-6 months, but others indicate the wait is longer. Anyone dealing with identity theft needs to move fast and be actively involved in containing the damage; regulators can’t do it for you and services that say they can handle everything probably won’t.
If you’ve been a victim, here’s where you start:
First, go to the identity theft action pages on both the Federal Trade Commission and the IRS websites for the immediate ways to deal with the problem. Keep in mind the process will include the following immediate steps:
- Order your current credit reports and then putting a fraud alert on each at the three major consumer credit rating agencies – Equifax, Experian and Follow up in a couple of days with a phone call to make sure those alerts are active.
- Start a physical or computer-based file where you can organize, date and file all contacts, communications and paperwork associated with your case and any fraudulent transactions you find.
- Create an identity theft report with the FTC and your local police department. This will help you document the fraud and help regulators and law enforcement if there is an arrest.
- Make a call list for all creditors, banks, investment companies, utilities and your employer to let them know about the breach. If you work with qualified financial and tax experts, inform them too. If you’ve spotted fraudulent accounts, contact those entities to put a freeze on them and thereby limit potential losses. Think about your list this way – if you’ve shared your Social Security or other personal or financial data with any trusted entity, they need to know you’ve been hacked so they can take their own security measures. In some cases, you may need to change account numbers.
If you’ve never experienced this type of identity theft, don’t take your luck for granted. Explore the following to stay safe:
- Even if you file your taxes by regular mail, make sure you set up your own personal IRS e-services account, because news reports have surfaced that identity thieves with access to Social Security numbers and other personal data are setting up those accounts in taxpayer name, illegally filing and collecting refunds.
- Review and schedule receipt of your three credit reports throughout the year. By law, you are entitled to one free copy of each of the agencies’ reports annually. Staggering receipt of your credit reports, rather than checking all three at once, will let you see inaccuracies and potential illegal activity throughout the year for free.
- Get in the habit of sharing as little personally identifying information as possible in person and online.
Bottom line: Tax-related identity theft has been on the rise, so redouble your efforts to review your credit information and limit sharing of personal and financial data in general.
This article is intended to provide general information and should not be considered legal, tax or financial advice. It’s always a good idea to consult a legal, tax or financial advisor for specific information on how certain laws apply to you and about your individual financial situation.
Nathaniel Sillin is the Head of Global Financial Literacy at Visa Inc. and runs the company’s financial literacy program in the United States, which includes the award-winning Practical Money Skills for Life and What’s My Score programs. As part of his work at Visa, Sillin is a frequent public speaker and an active voice in the financial literacy community.
Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.