Few things cause more concern than a letter in the mail from the Internal Revenue Service (IRS).
Though the agency sends out letters or notices for many reasons, identity theft is one of the fastest-growing issues for the IRS. In short, identity thieves have been capturing Social Security numbers and other tax filing data in order to file fraudulent returns for the purpose of stealing tax refunds.
This has been a watershed year for such activity. Just this past tax season, TurboTax, the leading tax preparation software company, had to stop transmitting state tax returns and introduce new safeguards after a run of suspicious returns. In March, the U.S. Treasury Department reported slightly over 2.9 million incidents of tax-related identity theft in 2013, up from 1.8 million in 2012. As to dollar loss, in January, a General Accounting Office (GAO) report said the IRS had prevented an estimated $24.2 billion in fraudulent identity theft tax refunds in 2013, but actually paid $5.8 billion in refunds later determined to be fraudulent.
These events are in addition to ongoing phishing scams -- fraudulent emails sent on behalf of the IRS asking for Social Security numbers and other account information -- which continue to target taxpayers and the agency. Such acts are particularly tough on taxpayers who are not particularly tech- or security-savvy.
Tax identity theft is really no different than any other form of identity theft in terms of damage done. Thieves illegally obtain your Social Security number and go to work on your finances and reputation. The damage will probably turn up on your credit report in the form of new (and likely unpaid) credit or loan accounts you don't recognize or credit inquiries from employers or agencies you've never contacted. The problem may take months or years to straighten out.
However, the recent wave of tax-related identity theft is troubling because taxpayers not watching their credit data very closely might have a delayed awareness of the crime. To begin, many taxpayers find out they've been hacked only from a physical letter from the U.S. Postal Service arrives -- the IRS never sends taxpayer-specific correspondence via email -- saying that more than one return has been filed in the taxpayer's name. That could mean a significant amount of time has passed between the hack and the taxpayer hearing about the problem. Electronic filers might find out sooner because their return might bounce if a fraudulent one was successfully filed earlier.
Recent reports quote the IRS as saying it tries to settle such cases within 4-6 months, but others indicate the wait is longer. Anyone dealing with identity theft needs to move fast and be actively involved in containing the damage; regulators can't do it for you and services that say they can handle everything probably won't.
If you've been a victim, here's where you start:
First, go to the identity theft action pages on both the Federal Trade Commission and the IRS websites for the immediate ways to deal with the problem. Keep in mind the process will include the following immediate steps:
- Order your current credit reports and then putting a fraud alert on each at the three major consumer credit rating agencies -- Equifax, Experian and TransUnion. Follow up in a couple of days with a phone call to make sure those alerts are active.
- Start a physical or computer-based file where you can organize, date and file all contacts, communications and paperwork associated with your case and any fraudulent transactions you find.
- Create an identity theft report with the FTC and your local police department. This will help you document the fraud and help regulators and law enforcement if there is an arrest.
- Make a call list for all creditors, banks, investment companies, utilities and your employer to let them know about the breach. If you work with qualified financial and tax experts, inform them too. If you've spotted fraudulent accounts, contact those entities to put a freeze on them and thereby limit potential losses. Think about your list this way -- if you've shared your Social Security or other personal or financial data with any trusted entity, they need to know you've been hacked so they can take their own security measures. In some cases, you may need to change account numbers.
If you've never experienced this type of identity theft, don't take your luck for granted. Explore the following to stay safe:
- Even if you file your taxes by regular mail, make sure you set up your own personal IRS e-services account, because news reports have surfaced that identity thieves with access to Social Security numbers and other personal data are setting up those accounts in taxpayer name, illegally filing and collecting refunds.
- Review and schedule receipt of your three credit reports throughout the year. By law, you are entitled to one free copy of each of the agencies' reports annually. Staggering receipt of your credit reports, rather than checking all three at once, will let you see inaccuracies and potential illegal activity throughout the year for free.
- Get in the habit of sharing as little personally identifying information as possible in person and online.
Bottom line: Tax-related identity theft has been on the rise, so redouble your efforts to review your credit information and limit sharing of personal and financial data in general.
Nathaniel Sillin directs Visa's financial education programs. To follow Practical Money Skills on Twitter: www.twitter.com/PracticalMoney