Taxpayer Identity Theft

Leave a comment

No one likes tax time;  there are too many forms to complete and often there is money to send.  Well, as with any situation, wait, it will get worse — and it has.  Thieves are filing taxes using your social security number and directing the refunds to themselves.  You may be unaware you are a victim until you try to file your taxes and learn one already has been filed using your social security number.  Or, you may learn from the IRS that you owe additional tax, refund offset or have had collection actions taken against you for a year you did not file a tax return.  Another way you can find you have a problem is if IRS records indicate you received wages from an employer unknown to you.  Of course the problem worsens because if they have your social security number, they may also be stealing other aspects of your identity.

This is a major problem and you need to act immediately!

If your SSN is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends you take these steps:

  • Respond immediately to any IRS notice; call the number provided
  • Complete IRS Form 14039, Identity Theft Affidavit. Use a fillable form at, print, then mail or fax according to instructions.
  • Continue to pay your taxes and file your tax return, even if you must do so by paper.

If you previously contacted the IRS and did not have a resolution, contact the Identity Protection Specialized Unit at 1-800-908-4490.

Then, you need to address the other (non-IRS) dimensions of your identity theft.

  • File a report with your local police department
  • File a complaint with the Federal Trade Commission at or the FTC Identity Theft Hotline at 1-877-438-4338 or TTY 1-866-653-4261.
  • Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:
  • Contact your financial institutions, and close any accounts opened without your permission or tampered with.

Hacking — Are we Safe?

Leave a comment

Last week there was an article in most English-speaking outlets about the group Anonymous hacking a conference call from the FBI to Scotland Yard on January 17, and releasing the contents to YouTube.  The group  was able to access the call because it allegedly obtained an email from the FBI to law enforcement agencies in various countries giving details of how to dial in to the call.   Of course it is quite embarrassing for two of the world’s foremost law enforcement agencies to be subject to such a breach in security.  It is not known whether the information provides critical details for current investigations and whether those investigations were compromised by the leak.  The FBI, which is investigating the incident provided the following statement:  “The information was intended for law enforcement officers only and was illegally obtained. A criminal investigation is under way to identify and hold accountable those responsible.”

What is more of concern to us today is — if it can happen to Scotland Yard and the FBI, how secure are MY emails?  The answer is, “not at all.”   Emails that are sent unencrypted over an open Internet line (the way most of us send our email) are subject to being intercepted.  People can employ electronic devices on Internet lines to read emails and other transmissions.  That is to say, someone other than the intended individual can intercept an email, without the sender or receiver being aware of that fact.  Or, if either party has inadvertently installed spyware on his or her machine, the spies do not even need to intercept the email if it can be diverted automatically.

So, what does a user do to protect him or herself?  First and foremost, remember that emails are not generally secure, and that they should not contain sensitive information.  Social security numbers, credit card numbers, passwords, and other critical information should never be sent via email.  If it could represent the loss of money, security, privacy or identity, it should not be put in an email because it is too easy for it to be stolen.   That means that you should never do business with a vendor that that wants you to send information about your accounts via email OR that sends your full credit card number back to you in an email as a receipt.

Second, be cautious about using open networks.  Many of us use non-secured networks at coffee shops, hotels, and other places where we want to conduct business.  If you have a wireless network in your home, ensure that it is a password protected network.  Open  networks are particularly easy to breech, and their use increases the likelihood that your email will be intercepted.

Third, use virus and malware protections on your computer to be sure that your email is not being monitored before it is ever sent.

Remember, a massive number of emails are sent each day.  One site estimated that in 2010, there were, on average, 294 billion emails sent per day.  The odds of someone finding your email and acting upon it are quite low.  However, care in what you put in the email will help protect you if someone does intercept your email.


Post note:  There is a nice tutorial I recommend:  9 Things You Must Absolutely do to Keep your Online Identity Secure