IRS tax tips: 6 ways to stop cybercriminals from accessing your private information
By James Leggate Published July 17, 2019 TaxesFOXBusines
FBN's Cheryl Casone on the IRS's warning about a rapidly growing refund scam.
The IRS says it has made “major progress” against identity theft in tax returns, but evolving tactics still threaten taxpayers’ sensitive data.
In 2015, the IRS reached out to state officials and professionals in the tax industry to try to fight back against people filing fraudulent returns. Between 2015 and 2018, the number of taxpayers who reported to the IRS that they were victims of identity theft dropped 71 percent, from 677,000 to 199,000, according to IRS data. During that same time, the number of identity theft tax returns the IRS said it stopped dropped 54 percent, from 1.4 million to 649,000.
But the IRS said fraudulent tax returns filed using data stolen from tax professionals can be harder to detect. While efforts have slowed the number of reported fraudulent tax returns, cybercriminals have been increasingly targeting tax professionals’ offices for data theft, officials said.
“The IRS, states and the private sector tax industry have taken major steps to protect taxpayers,” IRS Commissioner Chuck Rettig said. “But a major risk remains, regardless of whether you are the sole tax practitioner in your office or part of a multi-partner accounting firm.”
The IRS recently released a checklist of ways it recommends taxpayers and tax professionals can protect their data. To start, they suggest using typical computer security measures like anti-virus software, a firewall, two-factor authentication and drive encryption.
It’s also a good idea to create a data security plan — it’s federal law for all professional tax preparers to have one for client data. The government asks tax professionals to focus on information systems and ways to detect and manage failures, as well as employee management and training.
The IRS said people should also educate themselves about email scams like phishing emails and ransomware.
And professionals should learn to recognize signs that a client’s data has been stolen, such as letters from the IRS about suspicious returns in their name, having more returns filed with a practitioner’s electronic filing identification number than submitted or receiving unrequested tax transcripts.
In the event of data theft, the IRS said to contact its local stakeholder liaison immediately and contract with a cybersecurity expert to prevent future data thefts.
Sharonne Bonardi, president of the Federation of Tax Administrators board of trustees and the Maryland deputy comptroller, said officials need tax preparers across the country to help fight tax-related identity theft.
“We cannot let our guard down in this fight because our common enemy is well-funded, technologically skilled and savvy about state and federal tax processes,” Bonardi said.
Here's a recap of the six steps the IRS says taxpayers and professionals should take to protect their private information.
Install anti-virus software
Use two-factor authentication
Establish an encrypted Virtual Private Network (VPN)
IRS ends amnesty for offshore tax cheats
U.S. taxpayers with offshore accounts have lost an IRS-granted protection that allowed some 56,000 people to escape a prison sentences using a program started in 2009, has ended effective September 28, 2018. The I.R.S. collected $11.1 billion in taxes, interest, and penalties through the effort; however only 600 people availed themselves of the offer in 2017.
Under the Offshore Voluntary Disclosure Program (OVDP), taxpayers were allowed to confess their secret accounts and pay a heavy fine in exchange for potential protection from criminal liability. Provisions on the OVDP called for penalties that could have reached as high as 50 percent of what was being shielded overseas.
The IRS began a rampant crackdown on offshore accounts in the mid- to late-2000s, after a whistleblower revealed that Swiss Bank UBS was helping U.S. taxpayers avoid payments.
The Foreign Account Tax Compliance Act requires foreign financial institutions to disclose foreign assets held by U.S. residents.
Among the tools the agency will use to continue prosecuting those who fail to properly report foreign assets are whistleblower leads, civil examination and criminal prosecution. The agency said its criminal investigations have resulted in the indictment of 1,545 taxpayers on criminal violations related to international activities, including 671 of which were indictments on international criminal tax violations.
Scam Prevention: Verifying Phone Numbers
Ever get a call from a number that you do not recognize? Maybe it is a scammer pretending to work for Google or Facebook, or maybe you really have won an all expenses paid trip to Sandals. It is worth investigating, to say the least.
There are several ways to lookup phone numbers aside from using that huge Yellow Pages book that's been sitting on your porch getting rained on for months. Online search engines are the new 'best' way to look up numbers.
Whether you need to find the right number or you want to see who it was that called you, one of these methods is almost sure to work.
This should be the first thing that you try when you have a question like this. It is simple and probably the most reliable way to find a phone number. If you get a call and want to find out the number, just Google the phone number.
If you need to find the proper number to call a 1-800 business, a good trick is to type 800 (business name). For example, I would Google "800 ATT" to find the 800 number for AT&T customer service.
Simple and easy, this solution should work most of the time.
If Google didn't do it for you, try Zabasearch. It is a massive online database of personal information. By using the 'reverse phone lookup' feature you can discover where that mysterious caller is from, and often get their name, and even a full background check.
You can also look people up by name, and if you pay for the advanced features you can even find out their number through these means. All of the information they have is a matter of public record.
3. Social media
Ever try to creep a person's social media for a phone number? This can be a great way to find personal cell numbers or email addresses of many people. Jump on to a site like Facebook and try and find the person in question. Unfortunately, not everyone lets you view their profile without first befriending them. But hey, you could always use Facebook messenger to ask them for their number. Doesn't hurt to try, right?
4. Search for a username
If you happen to know the username that a friend uses, but you want their phone number, you may be able to find it by searching for the username. This may seem strange, but it is more common for online user profiles with a made up username to be associated with a phone number than those associated with a real name. It is worth checking if you happen to know a username that applies to the person.
AnyWho is an online phone book that is connected to the Intelius background search. It has a reverse phone lookup feature similar to Zabasearch, but it has a Yellow pages section that is very handy. Here you can search for a business name or type to find what you are looking for.
By James Gelinas, Komando.com
Update: July 24, 2019
If you were affected by the massive 2017 Equifax data breach, you can start filing claims for your share of the settlement. The Federal Trade Commission (FTC) recently announced that the consumer credit reporting agency has agreed to pay $575 million in the incident that saw millions of Americans' data leaked onto the internet.
The FTC has just released information to help you find out if you qualify for a piece of the settlement. The FTC also is providing instructions on how to file for a monetary claim or to receive free services from Equifax. Tap or click here to file a claim.
When a data breach occurs, it's often a massive catastrophe for those involved. Not only can the ordeal lead to widespread crimes like identity theft and fraud, but victims often incur financial pitfalls and lost time for their troubles. Because of this, it's no wonder that affected parties are so adamant that justice is served against those responsible for the breach and related crimes.
Well, for those affected by the unprecedented Equifax breach of 2017, the score is about to be settled. The FTC and Equifax have finally agreed to compensate millions of Americans that had their data leaked -- with some even qualifying for thousands of dollars in reimbursements for costs incurred after the attack.
While nothing can give back the time and energy that victims spent fighting breach-related crimes, this settlement is a major step in the right direction. If you, or a loved one, found yourselves in the crosshairs of the Equifax breach, here's how you can find out if you're eligible to make a claim in this extraordinary case.
What did the FTC and Equifax agree to?
On July 22, the FTC announced that Equifax has agreed to pay $575 million as part of a settlement related to the massive 2017 data breach that saw millions of customer's data leaked to the internet. This breach has regularly been described as one of the worst in history -- with many of the victims unaware that their data was even hosted by Equifax.
As an entity established to assess creditworthiness, Equifax enjoyed privileged access to private consumer data. To make it easier for its affiliates to run credit reports, this data was hosted on servers owned by the company -- servers which fell victim to cyberattacks.
This meant that wide swathes of consumers had their data leaked online at no fault of their own, with several even falling victims to fraud, identity theft, and other cybercrimes in the process.
Information leaked in the breach included names, addresses, Social Security numbers, payment card numbers, and expiration dates.
Per the FTC settlement, Equifax has agreed to offer free credit monitoring services to any affected parties for up to 10 years. Additionally, the company is required to offer cash payments of up to $20,000 per person in order to refund any expenses that resulted from the attack. This can include expenses from legal fees, lost or stolen money, and other costs related to monitoring or restricting your credit report.
New York Attorney General Letitia James weighed in on the historic decision, stating that Equifax's "...ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population." Since the judgment has now fallen on Equifax to make right with affected parties, we can only hope the process goes smoothly for anyone who lost time or money because of the incident.
Will I qualify for compensation from Equifax?
Right now, there isn't a process to file a claim just yet. To prepare for the task, the FTC has put up a webpage with more details about the plans in the works.
It's advising affected parties to hang on to any related documents from "your efforts to avoid or recover from identity theft after the 2017 [breach]." These documents will likely be used to verify your claim during the process.
The FTC is also advising consumers to bookmark the webpage and sign up for email alerts -- which will include any important updates on the settlement process.
According to the FTC, consumers whose claims are approved can expect to be compensated for identity theft related expenses and losses, as well as $25 per hour up to 20 hours for time spent dealing with the fallout from the breach. Any payments in the settlement are currently capped at a maximum of $20,000 per person.
Additionally, affected consumers are eligible for free credit monitoring, courtesy of Equifax, for 10 years following a claim. If you already have credit monitoring, you can opt for $125 cash instead. If you were a minor in May 2017, however, you are eligible for up to 18 years of free credit monitoring.
Once claims open up, the FTC will provide more details on its website on how to file. We'll be updating this story as more details on the process and settlement come to light in the coming months.