IDENTITY THEFT AND HOW TO PROTECT YOURSELF

Key takeaways

• Enroll in additional security features like 2-factor authentication and secure your mobile phone and email accounts.
• Be wary of calls or emails threatening legal action or account closures. Don't trust calls from individuals claiming to represent technical support, the IRS, or your financial institutions.
• File your tax return as early as possible.

Being contacted by the Internal Revenue Service (IRS) can cause concern for any taxpayer, but imagine receiving a telephone call and hearing this:

"This prerecorded message is to notify you that the IRS has found fraud and misconduct on your tax return. This needs to be resolved immediately, and it's very important that I hear from you as soon as possible or a legal action will be taken against you."

Most people are quick to spot the call as a fake since the IRS doesn't threaten taxpayers by telephone, emails, or text messages—or issue arrest warrants. But any scam can work if you aren't paying close attention.

Remember these guidelines:

• If something seems fishy, hit the brakes. Wait until your emotions have settled and research what's going on. Fraudsters use tight deadlines to try to force you into a rash decision.
• Never call back a number in a message asking for sensitive information, like in the example above. Don't follow a link in an unsolicited email or text message either. Go to the website of the company or organization, or call their main phone number, and get in touch with them through direct channels.
• When in doubt, do an internet search for the company or organization involved, followed by the word "scam."
• If you think you've been a victim of ID theft, put a freeze on your credit files if you don't plan to borrow money soon—or place a fraud alert on your credit reports. The freeze prevents any new credit from being approved, but you can freeze and unfreeze your credit file for free. The fraud alert notifies lenders and creditors that they should take extra steps to verify your identity before extending credit.
• Contact one of the 3 credit bureaus to request a fraud alert or credit freeze - Equifax at 800-525-6285 (equifax.com), Experian at 888-397-3742 (experian.com), or TransUnion at 800-680-7289 (transunion.com).

Find out what to watch for and what to do if you think you're a victim of a financial fraud in these 6 common scams.

1. Tech support scam

You may get a call alerting you to a problem with your computer, or a message may pop up on the screen saying your computer is infected with a virus. If you follow the instructions of the caller or the screen message, your computer may be taken hostage and your personal information stolen. You are then asked to pay a fee to restore access to your computer or data.

What to do:

• Prevention is the best medicine. Don't click pop-up ads or attachments from unknown senders. Avoid clicking links in emails. Visit known websites by manually typing the URLs in a browser.
• Do not allow anyone to control your computer remotely and never give passwords and security codes to anyone on the phone.
• Hang up if you receive a tech support call, and don't respond to scare messages about your computer being infected. If you need help with your computer, go to your local computer or electronics store.
• Back up your data regularly. That way, you can reboot and regain control of your computer by cleaning your hard drive and reinstalling your operating system.
• Sign up for highest levels of security offered.

2. Tax refund fraud

A criminal, having illegally obtained your Social Security number, files a fraudulent tax return in your name and collects a refund. When you submit your legitimate tax return, it is rejected because the IRS has already processed a return with your Social Security number. In some cases, you may receive a notice prior to filing your return that the IRS has received a suspicious return using your identity.

What to do:

• File your return early, reducing the likelihood that a criminal would have previously filed a fraudulent return.
• If your return is rejected because of a duplicate filing under your Social Security number, submit Form 14039, to the IRS.
• Remember, the IRS will contact you through the US Postal Service, not a phone call.
• Do not return a call from someone claiming to be with the IRS.
• Visit Identity Theft Central for information about tax-related identity theft and data security protection from the IRS. It can make sense to review the identity theft information provided by your state as well.
• Continue to pay your taxes and file your legitimate tax return, although you may have to submit a paper return rather than an electronic one. Attach Form 14039, Identity Theft Affidavit, when filing your return.
• The IRS may also have you file yearly with a pin they assign you every year.

3. Employment or health care fraud

A person uses your identity to obtain a job or receive health care services. You may get a letter from the IRS after filing your taxes saying that you appear to have underreported your income. Or, in the health care version of the scheme, you get a bill for medical exams, procedures, and prescription drugs that you never received. The pandemic has provided scammers with opportunities for fraud, and the Office of the Inspector General in Health & Human Services has issued a fraud alert connected to COVID-19 related health care scams.

What to do:

• If you suspect you are a victim of taxpayer identity theft, immediately contact the IRS and file Form 14039, Identity Theft
• Never surrender Social Security, Medicare, or health insurance numbers to anyone you don't know and trust.
• If you believe someone has signed up for health insurance in your name, call the Health Insurance Marketplace call center at 800-318-2596, and explain the situation.
• If it's Medicare-related, file a complaint with the Office of the Inspector General in Health & Human Services.
• Review the Medical Identity Theft checklist on the Federal Trade Commission's website for more steps to take.

4. Unemployment benefits scam

Scammers who apply for unemployment benefits in your name could prevent your legitimate claim from going through—while they collect the benefits you're entitled to. This scam became more prevalent in 2020 as unemployment benefits were temporarily expanded due to COVID-19. If you have a job, your employer may alert you to a fraudulent claim in your name or you may find out when the unemployment office sends a letter about a recent claim.

What to do:

• Notify the unemployment office in your state about the fraudulent claim.
• Report the crime and start a recovery plan on IdentityTheft.gov. Click on the button that says "Unemployment benefits identity theft: Click here to report."
• Be sure to review the identity theft page maintained by your state as well for more potential steps.
• File a police report if possible.
• Freeze your credit or put a fraud alert on your credit reports.

5. Credit card fraud

Someone using your identity signs up for a credit card and racks up large charges. A crook who obtains a new card could use it extensively before being discovered. Sometimes, a stolen identity is used to obtain personal loans or open unauthorized financial accounts. You will likely learn about this when bills are not paid and you are contacted by collection agencies looking for payment.

You may notice either you are not getting any postal mail (due to address fraud or theft) or you start receiving confirmation or decline letters for credit cards or loans that you did not initiate.

What to do:

• Report the crime and start a recovery plan on IdentityTheft.gov.
• File a police report.
• Freeze your credit or put a fraud alert on your credit reports.
• Sign up for alerts from your bank or credit card issuer to stay on top of your legitimate accounts.

6. Fake charities

You are solicited by email, phone, or in person to contribute to an organization that sounds like a good cause but is actually a scam. Such schemes may be general in nature, often using a name very similar to a well-known charity, or they may be more targeted, attempting to prey on people who are victims of a natural disaster or known to have a personal interest in a particular disease or social cause. These days, charity scams are also being circulated through social media posts on sites like Facebook, Twitter, WhatsApp, and LinkedIn.

What to do:

• Before contributing, research the charity through the (Better Business Bureau's (BBB) Wise Giving Alliance), (Charity Watch (tells salaries of execs, ratings), or (Guide Star (all about non-profits).
• If you suspect you have been a victim of charity fraud, file a complaint on IdentityTheft.gov. (federal trade commission)

7. MAIL FORWARDING FRAUD

What you aren’t going to find on basically any research that you do is the newest, latest greatest type of identity theft. We only know about it because it happened to me. First the thieves hack your email, but only to put in a stop on your informed mail delivery, if you have it. That is where pics of your incoming mail shows into your email box. Then they forward your mail while that is off.

          Once your mail is being forwarded, bank statements, credit cards, etc, they now have access to all of your personal information. Then they apply for new credit cards under your name. And since they turned off 2FA, you don’t get the notification on that either. When I first saw a new credit card number on my online banking, I thought they were changing one of my card numbers. Which has happened previously, so I called the bank.

More Key takeaways

• Be wary of emails, phone calls, or texts that ask you to supply information like a password or personal information.
• Be aware of the fact that your phone can be hacked.
• Take steps to secure financial accounts with the highest level of security offered—and then monitor them for any unauthorized activity.
• Keep computers and mobile devices updated and secured with strong passwords.

Identity theft can be scary but there is good news. You can protect yourself, in most cases, by being aware of the threat and following certain practices for safeguarding your information.

1. Don't take the phishing bait

Phishing is a technique used by criminals to trick victims into providing personal information that can be used for identity theft. Most phishing attempts are carried out by email, text messages, or phone.

• Ignore deals, freebies, and awards that sound too good to be true. Disregard offers that appear to come from unusual foreign contacts, as well as requests from strangers for help.
• Ignore phone calls, emails, or texts that appear to be from the IRS. The agency will not contact you by phone, email, text message, or social media to request personal or financial information.
• Be suspicious of anyone requesting your Social Security number, date of birth, financial account number, PIN, email, or passwords—especially if there is a request to verify your information when you were not expecting it.
• Never click a link or download an attachment inside an unexpected email or text. If the email claims to be from a company you do business with, don't log in from a link in the email message—go to the company's website and log in to your account from there.
• Never provide personal information over the phone to an unsolicited caller. If you think the call might be a legitimate request from a company you do business with, hang up, and call the company directly.

2. Protect your phone service

Your phone has become an important part of security protocol and is the "master key" to accessing online accounts and information.

Criminals and scam artists are actively using stolen identity information to port your mobile phone number or forward your phone calls and text messages. They do this by calling phone service providers. If you use Voice over IP (VoIP) phones, then your voice phone portal accounts are also at risk. (like google phone numbers)

Cyber criminals do this to steal your 2-factor authentication codes and text messages to get into your financial institution accounts.

• Learn signs that your phone may be hacked. If you notice your mobile phone showing "no service" or "emergency calls only," or you stop receiving phone calls and text messages even after you restart your phone, contact your mobile company to see if your account has been compromised.
• Ask your telecom provider about ways to better secure your account, especially verifying your identity with a PIN or 2-factor authentication to make changes, route phone calls, forward phone messages, or port your phone number.
• Secure your online phone and internet service provider account where you pay bills and manage settings. Use a separate and strong password for such accounts and enable 2-factor authentication on these accounts.

3. Monitor and secure your accounts

Many companies, go to great lengths to safeguard customers' information and provide security tools. For instance, most banks and credit card companies offers 2-factor authentication, designed to prevent someone from accessing your account, even if they have your password.

Here are a few actions you can take to reinforce those safeguards.

• Choose passwords that can't be guessed easily. Use different passwords for different websites  and change them regularly. It is a pain in the ass but worth it
• Sign up for 2-factor authentication at your financial institutions and email service providers to protect all your online accounts.
• Make sure your financial institutions have up-to-date contact information for you, especially your mobile number. Your financial institutions use this information to protect your accounts and to contact you when suspicious activity is detected.
• Sign up for automated alerts of suspicious account activity wherever offered. Have them automatically alerts you by email and text messages of certain suspicious activity. Do not ignore these security alerts when they are received.
• Check your credit report regularly. The 3 major agencies—Equifax, Experian, and TransUnion—are required by law to provide you with a free copy of your credit report once every 12 months, which means you can check your report for free 3 times throughout the year.

4. Secure your mobile devices and personal computers

Any device you use that is connected to the internet can become a mechanism of attack by cyber-criminals. Hackers can get in through newly discovered security holes in these devices and systems.

• Change any default passwords when setting up your devices.
• Apply updates and patches as soon as the system maker releases them.
• Don't download mobile apps and games that you do not trust. Some mobile apps have been found to contain hidden malicious software. Use your best judgment before using a brand-new app from an unknown company and read reviews before downloading.
• Run antivirus software on your computers and ensure that your mobile devices have the most recent security updates and patches.

Take security seriously