I am one of the growing number of victims of 2011 tax return identity theft.
I learned on February 6th, when I tried to submit my return electronically through TurboTax (on-line software that I have used safely since 2001), that someone had submitted a tax return using (1) my last name, (2) my date of birth, and (3) my social security number.
To say I was freaked out underplays the enormity of the situation!
I called TurboTax and, after much prompting and bullying, I was able to get the first name, street and city address, email address and telephone number of the “person” who perpetuated this fraud. The first name was similar to mine but misspelled; the residential address did not exist; the telephone number was also bogus; and I couldn’t determine validity of the hotmail.com email address used. I couldn’t get TurboTax to divulge the amount of the tax refund, nor the bank to which the refund was to be deposited, and as far as I know the IRS paid the fraudulent return.
Since the IRS must now make a determination as to which of the returns is legitimate, it could take a year or more for me to receive my refund. Fortunately, being both financially strapped by my hospitalization in December 2010 and a permanently disabled taxpayer, the IRS’s Taxpayer Advocate Service (to which you must prove economic harm] is helping me to speed up payment of my refund (which I may receive this calendar year–gak!).
How, I have wondered since I informed the IRS of the situation and submitted my tax return by snail mail, along with IRS Form 14039 (Identity Theft Affidavit, available here), did the thief get the 3 critical pieces of information needed to steal our tax dollars.
I looked at EVERY one of my on-line accounts, from banking to sniping websites, to see which (if any) provided the necessary information. While my last name was often always available, my complete SSN was available at only a few sites, and not one site contained my date of birth EXCEPT for my TurboTax on-line account (which pieces of information I immediately deleted).
Since TurboTax admitted that the fraudulent return was submitted via their website on the 26th of January, and since nowhere else on the internet were all 3 pieces of data available to a hacker, I have concluded that TurboTax was the thief’s source. Although TurboTax/Inuit would not admit to having had their database hacked, I was extremely insistent that the fee charged by Inuit be refunded, and they also refunded me the fee to file last year. However, I still believe that the TurboTax database is no longer secure and so I’m speaking out.
Here’s how the IRS says this type of identity theft occurs and how to protect yourself:
While the Federal Trade Commission, the lead agency on identity theft, reported that the IRS has a low number of identity theft crimes, we take this issue very seriously.
What is identity theft?
Identity theft occurs when someone uses your personal information such as your name, Social Security number or other identifying information, without your permission, to commit fraud or other crimes.
Identity theft is a serious crime. People whose identities have been stolen can spend months or years, and their hard-earned money, cleaning up the mess thieves have made of their good name and credit record. In the meantime, victims may lose job opportunities, be refused loans, education, housing or cars, or even get arrested for crimes they didn’t commit.
How can you minimize becoming a victim?
- Don’t carry your Social Security card or any document(s) with your SSN on it [I don’t].
- Don’t give a business your SSN just because they ask – only when absolutely necessary [I haven’t].
- Protect your financial information [exactly what this entails is unknown, but it sure sounds good!].
- Check your credit report every 12 months [I pay for Experian’s credit protection service which automatically notifies me of fraudulent credit card and loan activity; however, none of the credit bureaus monitor fraudulent tax returns].
- Secure personal information in your home [I use a locked safe].
- Protect your personal computers by using firewalls, anti-spam/virus software, update security patches, and change passwords for Internet accounts [all of which I do religiously].
- Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with [uh, duh].
Remember, the IRS does not initiate contact with taxpayers via e-mails, and the IRS does not request detailed personal information through e-mail [I never received any fraudulent e-mails].
What if you are a victim of identity theft?
- Report incidents of identity theft to the FTC at http://www.consumer.gov/idtheft [I couldln’t get this website up] or the FTC Identity Thefthotline at 1-877-438-4338 [after being on hold for more than an hour, I gave up and began researching requirements personally] or TTY 1-866-653-4261.
- File a report with the local police.
- Contact the fraud departments of the three major credit bureaus [my bank provided this service for free, and also reviewed with me by phone the results of all three reports]:
Equifax – http://www.equifax.com 1-800-525-6285
Experian – http://www.experian.com 1-888-397-3742
TransUnion – http://www.transunion.com 1-800-680-7289
- Close any accounts that have been tampered with or opened fraudulently [I had/have none].
How could identity theft impact your tax records?
- Individuals may use your SSN to get a job [not applicable to me]. That person’s employer would report the W-2 wages earned using your SSN to IRS. This may give the appearance that you did not report all of your income on your return.
- When you subsequently file your tax return the IRS will believe you already filed and received a refund, and the return you actually submitted is a second copy or duplicate [although why the IRS doesn’t review prior tax records that would clearly have shown the misspelling of my first name, a non-existent residential address, and a non-existent telephone number is beyond my comprehension].
- Be alert to possible identity theft if you receive an IRS notice or letter [which I never received] that states that:
- More than one tax return for you was filed, or
- IRS records indicate you received wages from an employer unknown to you.
How can you protect your tax records?
If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost/stolen purse or wallet [which never happened to me], questionable credit card activity or credit report, etc., contact the IRS Identity Protection Specialized Unit at 1-800-908-4490 [good luck!].
What should you do if your tax records are affected by identity theft?
If you receive a notice from IRS [which I didn’t], respond immediately. If you believe someone may have used your SSN fraudulently, please notify IRS immediately by responding to the name and number printed on the notice or letter.
What if you receive an e-mail claiming to be from the IRS [I didn’t]?
- Remember, the IRS does not initiate contact with taxpayers via e-mail, and the IRS does not request detailed personal information through e-mail.
- Confirm the contact you have received is from the IRS by calling 1-800-829-1040.
- Please forward the bogus e-mail claiming to be from the IRS to email@example.com. Go to IRS.gov (keyword phishing) to get instructions on how to forward thee-mail message.
- Do not open attachments or click on the links found within the bogus e-mail.
Here are what a consultant for LifeLock says are the newest strategies employed by identity thieves:
- Tax time has always been a period of increased identity theft. Traditionally, thieves have stolen tax forms and tax return checks from mailboxes, but new technologies present new opportunities. File sharing software, allows users to access other people’s computers, including sensitive financial information. If you (or your kids) are using it, you need to stop [I don’t use any software like this].
- There’s always a rash of emails purportedly from the Internal Revenue Service, requesting identity or account confirmation during tax season [which I have never seen]. These are phishing attempts. Never reply to any emails asking for your personal or financial information; the IRS, banks and credit card companies will never request this information via email.
- A recent hack of Monster.com illustrates just one of the ploys thieves are using to access job hunters’ information [I’m not job hunting]. Another increasingly common strategy is posting a bogus job ad, and conducting bogus job interviews [not in my case]. Once the interview is over, the interviewer requests personal information like birth date and Social Security number under the guise of conducting a background search. Always research a company before giving out any personal information.
Identity theft could also occur when:
- Someone steals your wallet or purse [not my case].
- Posing as someone who needs information about you through a phone call or e-mail [not in my case].
- Looking through your trash for personal information [I shred everything].
- Accessing information you provide to an unsecured Internet site [not my case].
All of this beggars the question, “How was my identity was stolen?”, so I’m still convinced that TurboTax was hacked. Interestingly, the weekend of 4-5 February 2012 saw urgent news reports in southern Florida (where a friend of mine was visiting relatives) stating that the tax return identities of more than 20,000 people had thus been stolen. I saw nothing of this, however, on the national news services.
The IRS has prosecuted people for identity theft, but as you might already imagine, the process is neither swift nor particularly injurious to thieves.
I hope this horrible crime never happens to YOU!
Compliments of the
UPDATE 2012: The loophole to untold illegal riches is explained here.
UPDATE 2013: Click here for information about security improvements.