Fraudsters Creating IRS Accounts, Stealing Personal And Tax Information And Getting Refunds

burglar2Criminals are creating IRS accounts in the name of law-abiding citizens, requesting tax transcripts and stealing confidential information to create fraudulent tax returns.

An excellent article on this subject comes from noted security blogger and author, Brian Krebs. Click here to read his article. The article also contains a link to create your account with the IRS.

According to Mr. Krebs, the IRS’s process for verifying people requesting tax transcripts is poor at best and easily vulnerable to fraud because it is based on “knowledge-based authentication”, meaning they ask you test questions to verify your identification. The problem is that the answers to those questions are easily found through simple internet searches.

To add insult to injury, when someone discovers that their identity has been stolen and they contact the IRS for help, victims are subjected to bureaucratic rules that seem to be more concerned about the criminal’s rights than those of the victim.

Individuals and companies must take steps to protect their confidential information. No one, not even the Government, is going to do it for you.

Here’s 12 things you can do to protect yourself and your company from scammers:

  1. Limit the personal and financial information you post online. Never post this type of information on social media sites. Hackers routinely mine social media for data.
  2. Instruct all employees to never reveal business confidential information over the phone and to report attempts to management. Social Engineering attacks are popular among scammers.
  3. Use strong passwords and never use the same one for multiple accounts. Use a secure password manager to keep track of your passwords.
  4. Do what Brian Krebs suggests and create an IRS account before a criminal starts stealing your identity and requests a tax refund in your name.
  5. Do your taxes early so you have time to contact Governmental agencies should fraud be detected.
  6. Keep all anti-virus and anti-malware programs up-to-date and run them on your systems frequently.
  7. Use an Advanced SPAM Filter to reduce the number of SPAM emails hitting your inbox and reduce the likelihood that someone will click on an infected link.
  8. Never click on any link in an email from someone you do not know.
  9. If you receive an email from the “IRS” or “Internal Revenue Service”, it’s a scam (no matter how official the email looks); do not click on any links or attachments.
  10. If you receive a call from someone saying they are from the IRS asking for immediate payment and threatening you if you don’t comply — hang up immediately. As bad as you think the IRS is, they simply don’t do that. They’ll notify you officially by snail mail if there is an issue you need to clear up.
  11. Keep an offsite backup of all data so you can recover should a disaster strike or your systems get badly infected.
  12. Companies should have their network monitored and maintained by a Managed Services Provider (MSP) like XSolutions. If you’re a business, give us a call at (845) 362-9675 to discuss how we can help secure your systems, harden your network, and ensure that you have a viable backup to keep you going even when disaster strikes.

XSolutions is a Managed Services Provider (MSP) and provides 24/7/365 remote monitoring, proactive workstation and server maintenance, Help Desk Services, Cloud & Hosted Services, Backup/Disaster Recovery, and Software Development. Call us at (845) 362-9675 and learn how we can help your company.