Cyber Safety for Tax Season
What can be done to prevent scams
The IRS has reported a significant increase in fraudulent tax returns, totaling $63 billion in bogus claims between 2011 and 2014. Fraudulent tax returns are quickly becoming everyone’s problem: Not only are the victims left waiting for months to years for their legitimate refund, the extra funds going out of government coffers means other programs and government initiatives may fall by the wayside.
© | Dreamstime.com
If you happen to be unlucky enough to be targeted, here’s what happens:
You go to file your income tax return like normal, whether online or using the old paper method. When you do, you receive a notification that you’ve already filled your return. This is because the IRS has already received a false return and begun to process it. When they receive a second return from you, it’s technically already been filed so they tell you your return can’t be processed.
The IRS will need time to conduct an investigation and find out who the fraudulent party is, which could delay your refund for months or even longer. So how does a fraudulent return get filed? Well, it’s pretty simple: a hacker obtains your SSN and files a false return online pretending to be you.
Since the majority of your personal details can be easily gathered online (address, phone number, birth date, etc.), the one piece of information that hackers are really out to get is your SSN. With an SSN and a few hours of online searching, they can gain everything they need to file a false return. Last year, the Wall Street Journal reported that 300,000 accounts on the IRS website were hacked—accounts that contain more than just your SSN. With the multitude of data breaches last year, SSNs were not a rare commodity for sale on the dark web. Even with the introduction of the new e-PIN system, you can’t rely on it to be protected. As you’re reading this, hackers are already working on ways to bypass it.
With fraudulent tax returns being so prevalent and hackers who seem to always be ahead of the curve, what can be done? As always, prevention is the first and most important step. No one wants to deal with mountains of paperwork, years of credit monitoring, or an IRS investigation—not to mention what waiting for a refund can do to your plans. Stopping the hacker from filing the false return is the best route to take, but that is going to require some effort from all sides. The Canada Revenue Agency has posted information about how to protect yourself from identity theft and fraud as well as the IRS, but there’s more that can be done.
Since two-factor authentication (2FA) is the best line of defense for securing online accounts, governments need to start implementing 2FA options to protect both themselves and the public. With 2FA, you not only need the information you know (username/password), but also a second factor that only you have. By using a token, you can greatly reduce the risk of someone from simply hacking in and stealing your authentication credentials.
This would, of course, require effort on the government’s part, but implementing a system like this can really help protect you since you’d be the only person with access to your information and the hardware token. It would also help to decrease the amount of fraudulent claims, investigations required, false payouts, and more. In short, a 2FA system is beneficial to everyone.
You can read more here on how to protect yourself from identity theft and fraud.