Scam alert: your secrets are not safe with the IRS

The IRS recently announced that the tax information of 104,000 filers was stolen by hackers and used to file false returns. The same thieves attempted to steal tax data from an additional 100,000 filers, but were unsuccessful.

The unauthorized access of records occurred between February and May of 2015, when hackers used the IRS’s “Get a Transcript” web tool to access filers’ tax return transcripts. The hackers had previously obtained social security numbers of these 200,000 filers from other sources. The IRS pointed out that their servers were not hacked, but their online service allowed resourceful thieves to access filers’ information.

This breach is especially alarming because IRS Transcripts contain sensitive information about filers. Specifically, they include much of the information reported to the IRS on 1040 and the supporting forms, such as W-2s. The stolen information was then used to file 36,500 fraudulent tax returns seeking refunds. As many as 13,000 of those phony returns were accepted by the IRS, for a total of $39 million in refunds paid.

The IRS acted after discovering the breach by closing down the “Get a Transcript” tool for individual filers. Filers may still request their transcripts, but must do so by mailing in a completed form 4506. The IRS has not indicated when it will provide the online service again.

Their next step was to notify all 200,000 victims, informing them that their social security numbers and possibly other personal data was stolen. For those 104,000 whose tax information was stolen, the IRS is offering credit monitoring services. These victims will receive instructions to sign up for the credit monitoring note: these outreach letters will not request any personal identification information from taxpayers). In addition, the IRS will continue to monitor those tax accounts.

As always, victims may apply for identity protection numbers to prevent the filing of future returns using their information. Additionally, the IRS plans to strengthen its authentication procedures.

The hackers were able to answer many of the “out of wallet” security questions by using information that can be easily found on credit reports and social media sites like Facebook. As a result, the IRS will use questions that are more difficult to answer.

The IRS plans to employ a more proactive approach to prevent future breaches by partnering with private tax software companies, payroll companies and state agencies to share data on uncovered scams. Congress may act as well and may move up the date that W-2 forms must be filed with the government to January 31. This change would make it more difficult for scammers to e-file fake 1040s.

If you were affected by this breach, you will receive a notice in the mail from the IRS. If you do not receive a notice, we still recommend you access your free credit reports annually and stay vigilant about keeping your sensitive data protected.

On-line Scams – some to look out for to protect your finances

Our society today has growing appetite for social media and most of us use it for legitimate purposes: connecting with our friends, pursuing our hobbies or building our businesses. Unfortunately, part of the population has a more insidious use for social media: they want to scam you. Thankfully, a little vigilance can go a long way in protecting you from these cyber criminals. Here is one list you can use, from Norton Antivirus, showing the top five social media scams:
1. **Hidden URLs** – Those shortened URLs are convenient, but they may be links to websites you don’t want to visit, or worse, they could install malware on your computer.
2. **Phishing Requests** – When you get an invitation to click on a link to see a picture of yourself at some wild party, think twice. Once you click, you’re taken to a fake Twitter or Facebook login page where you enter you user name and password. Doing this gives the cyber-criminals complete control of your account.
3. **Hidden Charges** – Be wary of those on-line quizzes that offer to tell you interesting information about yourself like which 1960s sitcom star you resemble. If the quiz asks you for personal information, such as your phone number, stop. If you continue, you many end up subscribing to some service that charges a recurring monthly fee.
4. **Cash Grabs** – It’s great to make new friends, but maybe not by “friending” strangers on Facebook. That person you just friended on Facebook may soon be asking you for money. You can avoid this situation by limiting your social media connections to people you know personally.
5. **Chain Letters** – Sure, you want to be sure that Microsoft will donate the millions it promised to some worthy charity if you keep the on-line chain letter going. However, such “chain letter” e-mails are a way for scammers to access your friends to connect with them later.
Sites that are popular with users are popular with criminals, too. Be vigilant, keep your anti-virus and anti-malware software up to date and think twice before clicking on a suspicious link!