How Companies Can Stop Thieves in the Race for Your Tax Return

GUEST BLOGGER

Sarah Hofmann
ACFE Public Information Officer

It's unfortunately common this time of year for individuals to file their taxes only to find out that someone has already claimed their return. This type of identity theft can be upsetting, but it may be even more upsetting if they find out their identity was stolen not through a fault of their own, but because their employer fell victim to a scam.

Savvy cybercriminals are using business email compromise schemes, or "spear-phishing" tactics, to acquire personally identifiable information (PII) through employers. They spoof an email address or phone number to make it look like they are someone from the company's human resources management company or accounting firm — or even someone from within the company itself — and ask for employee W-2s. Once they have the W-2s, they are able to steal employees' identities.

This year, the IRS warned that cybercriminals are widening their target scope from just large corporations to smaller organizations, such as nonprofits and school districts. According to the ACFE's 2016 Report to the Nations on Occupational Fraud and Abuse, small organizations often have fewer anti-fraud controls in place than larger organizations — a weakness that makes them easier targets for fraudsters.

Bruce Dorris, J.D., CFE, CPA, CVA, vice president and program director for the Texas-based Association of Certified Fraud Examiners (ACFE), said, "Fraudsters and cybercriminals are continuing to search for new victims with this unique phishing scam. Many of these organizations have smaller budgets and do not have personnel to defend against these attacks, so nonprofits and school districts must invest and raise awareness in the latest fraud detection and prevention techniques to protect themselves."

Employers can protect themselves and their employees by:

  • Educating employees on email best practices
  • Never sharing PII over the phone or via email
  • Reporting suspicious behavior

The IRS has asked employers who receive phishing emails to forward them to phishing@irs.gov. Employers must remember that as technology evolves, so do fraudsters. The best defense against fraud during tax season is to be wary of anyone asking for sensitive information and to report any suspicious behavior.

You’re a Victim of Tax Fraud — Now What?

GUEST BLOGGER

Sarah Hofmann
ACFE Public Relations Specialist

After finally buckling down and finishing your taxes, you may feel a sense of accomplishment and start thinking about how you will use your return. However, that feeling can turn into panic and confusion the minute you receive a notice from the Internal Revenue Service (IRS) that your filing has been rejected, as a return has already been filed using your social security number. You now realize that you’re a victim of tax fraud and identity theft.

Although the IRS has recently met with leaders of private sector firms, state auditors and major providers of electronic tax software in an effort to help prevent identity theft, they are fighting fraud of a formidable size. A report published in 2015 from the Government Accountability Office estimated that the IRS paid out $5.8 billion in 2013 for tax returns that were later determined to be fraudulent.

There are ways to prevent becoming a victim, such as filing your taxes as early as possible and using licensed software with strong anti-virus protection. If you are a victim, however, in spite of efforts to protect yourself, the biggest question is what to do next.

The IRS recommends that, first and foremost, you immediately contact them by calling any number provided on the notice of rejection of your filing. Next, you will need to complete IRS Form 14039, Identity Theft Affidavit. They will direct you to prove your identity, which you may do over the phone or by going to IDVerify.irs.gov. To make the process as smooth as possible, TurboTax suggests that you have your tax return from the prior year along with supporting documents such as W-2s or 1099s on hand. Once you've filed a complaint with the IRS, they warn that it usually takes an average of 180 days for the case to be resolved; however, most taxpayers should be able to receive their refund after that period of time.

You should receive a PIN from the IRS that can then be used for future reference to your case. As tax return fraud is also identity fraud, it is a good idea to also file a complaint with the Federal Trade Commission and to contact credit reporting agencies to place a freeze on your credit reports. It’s unfortunate, but now that you’re aware that someone has your personally identifiable information, you must be extra vigilant about your credit and accounts going forward. Identity thieves may choose to sit on your information before using it, or may sell it to a multitude of buyers who can continue to try to use it for years to come.

Although the IRS, private sector firms and U.S. Congress continue to try and develop tools and practices to thwart fraudsters, tax return fraud will likely remain a reality for millions of Americans each year and should be dealt with as swiftly as possible to prevent long-term damage to credit.

Resolve to Protect Yourself From Fraud in 2016

GUEST BLOGGER

Sarah Hofmann
ACFE Public Relations Specialist

At the beginning of a new year, many people set goals to embark on a healthier lifestyle. But while you promise to exercise more, or eat less junk food, it is wise to take some time to think about how healthy you are with regard to fraud. All consumers are susceptible to fraud, but many don’t know simple steps they can take to protect themselves. Here are a few simple things you can do in 2016 to protect yourself:

Pay attention to the features of your credit card
On October 1, 2015, all major credit cards in the U.S. were supposed to be switched from using a magnetic stripe for authentication to using an embedded EMV chip. In theory, this change is supposed to add an extra layer of security, as the embedded EMV chip would create a unique code for each transaction as opposed to just imparting the full credit card data. However, according to a creditcard.com survey, more than 40 percent of consumers had yet to receive EMV cards by the October 1 deadline. In addition to card issuers not sending the new cards, many Americans mistook mail containing the new cards for junk mail and threw it out.

Since transactions using chip cards are harder to hack, fraudsters will no doubt focus much more heavily on stealing data from transactions using only magnetic stripe technology. If you have not received an EMV chip card from your card issuer, or if you believe you might have accidentally disposed of the card, it is important to contact the card provider right away and request that a new copy be sent. Also, if possible, try to shop in stores that have working chip readers integrated into their point-of-sale system. The technology is not foolproof, but it will be more likely to protect against avoidable data theft.

Be more careful about what you post on social media
It seems like everyone is now using some form of social media on a daily basis, whether it be Facebook, Twitter or LinkedIn. While these can serve as good tools to keep abreast of the lives of friends and family, or to maintain professional connections, they can also help hackers who are trying to steal identities. Something as simple as putting your full birthdate on any social media can allow fraudsters to hack into your important financial accounts.

Some important rules to abide by include never posting your full birthdate, primary email address, hometown, driver’s license number or Social Security number on any public forum. It is also a good idea to have one constant answer to security questions that is not a logical answer (for example, answering “porcupine” to every question, regardless of whether it asks what city you were born in, your mother’s maiden name, etc.). Changing passwords frequently can help, as well as avoiding common password themes such as the names of pets, children or spouses. Another tip is to avoid installing or using applications made available through social media, as they often do not have the same level of security as the social media platform and create an easy back door for hackers to get through.

Protect your tax refund
Every year, hundreds of thousands of Americans request their tax refund and are told it has already been claimed. This is not a new scam, but unfortunately it continues to happen despite the controls in place at the IRS. ACFE Guardian Award winner Brian Krebs suggests that taxpayers file their taxes as early as possible in order to beat would-be thieves to the punch. Another way to prevent refund fraud is to closely monitor your credit score. Consumers can get a free credit report once every year from three different bureaus, so your best bet is to request your credit score from one bureau every four months to see if there is fraudulent activity.

If your tax refund is stolen, you can contact the IRS and fill out forms to officially alert them that the fraud has occurred. That alert can be crucial to helping law enforcement eventually catch the fraudsters responsible for the theft.

While these steps cannot guarantee total immunity from fraudsters, they are simple things that can help you make 2016 a year without fraud.

A Few Halloween Treats to Enjoy

GUEST BLOGGER

Cora Bullock
Asst. Editor, Fraud Magazine

Halloween may come once a year, but the tricks of fraudsters unfortunately happen year-round. I am happy, however, to report that there are some treats to be celebrated this year.

Trick: Countrywide, later bought by Bank of America, used a program called "The Hustle" to fast track mortgage loans without checking for fraud, then sold the loans to Freddie Mac and Fannie Mae, where they often defaulted, to the tune of a cool $1 billion. Countrywide did this while at the same time telling officials that they had tightened their standards.

Treat: A jury voted unanimously that Bank of America was guilty of fraud because of that program.

Trick: Abbott Laboratories actively marketed its drug Depakote, used for bipolar disorder, migraines, and epileptic seizures, for uses other than those the FDA approved. It claimed that doctors could prescribe the drug for schizophrenia and for the aggression that stems from the beginning stages of dementia. This wasn't a case in which it had good evidence backing up its claims; it had conducted no studies or trials testing Depakote for these other uses. It "had in fact halted clinical trials that had been undertaken to determine if Depakote was useful in treating other issues because it found that the drug caused some concerning side effects."

Treat: The Justice Department ordered the company to pay more than $1.5 billion.

Trick: Tax return fraud is rampant. Someone here at the ACFE discovered that he had been a victim when he tried to file his tax return and was told that a tax return with his Social Security number had already been filed. The Wall Street Journal reported in January that, "The Treasury Inspector General for Tax Administration last summer reported discovering an additional 1.5 million potentially fraudulent 2011 tax refunds totaling in excess of $5.2 billion."

Treat: Recently, a sting in Miami nabbed 45 people accused of running a huge tax fraud scheme in which the group stole at least 22,000 identities to attempt to receive $38 million in tax refunds (around $11 million was paid).

So as you continue to fight fraud tricksters, remember that there are always treats in the form of prosecutions, arrests and restitution.