The IRS admittedly has little control over protecting your tax returns against identity theft. The problem is too big, the data too widely available, prevention too rarely attended to until it’s already too late.
Your tax returns are the Holy Grail of identity theft because they contain virtually every piece of information a fraudster needs to BECOME you. But you don’t have to be a victim; you simply need to take responsibility for what is rightfully yours – your tax return information and your identity. The changes aren’t difficult, they simply require you read through this document so that you recognize the risks. Once that’s done, you simply avoid the highest-risk behaviors.

Here is a comprehensive list of frauds, scams and high risk tax-time practices.

Top Tips for Tax Time Identity Theft Protection

Your greatest risk of identity theft during tax season comes from your tax preparer (if you use one) either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax-preparers office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

• Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau?
• Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
• Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.
• Make sure you always (not just at tax time) pay with security checks like those provided by Deluxe.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

• Strong alpha-numeric passwords that keep strangers out of your system
• Anti-virus and anti-spyware software configured with automatic updates
• Encrypted hard drives or folders (especially for your tax preparer)
• Automatic operating system updates and security patches
• An encrypted wireless network protection
• A firewall between your computer and the internet
• Remove all file-sharing programs from your computer (limewire, napster, etc.)

Even though you use a strong password to protect your data file when e-filing, burn the file to a CD or flash drive once you’ve filed. Remove the personal information from the hard drive. Store the backup in a lock box or safe.

Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password protected PDF documents, though these are relatively easy to hack.

Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

• Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
• If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
• If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
• To learn more about IRS scams, visit the only legitimate IRS website. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service.
• If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost wallet, questionable credit card activity, or credit report, you need to provide the IRS with proof of your identity. You should submit a copy of your valid government-issued identification, such as a Social Security card, driver’s license or passport, along with a copy of a police report and/or a completed IRS Form 14039, Identity Theft Affidavit, which should be faxed to the IRS at 978-684-4542. Please be sure to write clearly.
• As an option, you can also contact the IRS Identity Protection Specialized Unit, toll-free at 800-908-4490. IPSU hours of Operation: Monday – Friday, 7:00 a.m. – 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).
• If you have information about the identity thief that impacted your personal information negatively, file an online complaint with the Internet Crime Complaint Center.  The IC3 gives victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. IC3 sends every complaint to one or more law enforcement or regulatory agencies that have jurisdiction over the matter.
• Subscribe to an identity theft detection, protection and resolution product like CSID.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

• Walk the envelope inside of the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else to make them safe.
• Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
• Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. IRS Overwhelmed by Tax Related Identity Theft
2. 5 Business Survival Lessons from Google’s Spying
3. Google Spying Cost Them $1

It’s nerve racking to realize that the IRS increasingly struggles to control taxpayer identity theft. Since 2008, the IRS has identified 470,000 incidents of identity theft affecting more than 390,000 taxpayers. “Victims of tax-related identity theft are the casualties of a system ill-equipped to deal with the growing proficiency and sophistication of today’s tax scam artists” said  Sen. Bill Nelson, who chairs the newly formed Subcommittee on Fiscal Responsibility and Economic Growth.

Identity theft harms innocent taxpayers through (1) employment and (2) refund fraud, according to the GAO. In refund fraud, an identity thief uses a taxpayer’s name and Social Security number to file for a tax refund, which the IRS discovers after the legitimate taxpayer files. In the meantime, the victim is out the money due her, causing Sharon Hawa of the Bronx, N.Y. to take on a second job. Ms. Hawa testified before the Subcommittee, describing how she had become an ID theft victim for the second time in three years (the first in 2009) after thieves twice filed tax returns in her name and received her tax refunds. Painstakingly proving her identity to the IRS, time after time over a 14-month period, was only a small part of the stress and utter frustration in the first fraud.  And  then, as if that trauma hadn’t sufficiently wreaked havoc in Ms. Hawa’s life, it happened a second time.

In employment fraud, an identity thief uses a taxpayer’s name and SSN to obtain a job. When the thief’s employer reports income to the IRS, the taxpayer appears to have unreported income on his or her return, leading to enforcement action. Think of your stress level when you open that envelope from the IRS demanding taxes for money you didn’t earn and don’t have!

The GAO states that the IRS’s ability to address identity theft issues is constrained by several factors, one being that privacy laws limit the sharing of ID theft information with other agencies. Another problem is the timing of fraud detection efforts; more than a year may have passed since the original fraud occurred.  The resources necessary to pursue the large volume of potential criminal refund and employment fraud cases are another constraint.

It’s imperative that we taxpayers take responsibility and implement the steps necessary to protect ourselves. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

• Tax documents exposed on your desk (home and work)
• Private information that sits unprotected in your tax-preparer’s office
• Improperly mailed, emailed and digitally transmitted or filed records
• Photocopiers with hard drives that store a digital copy of your tax forms
• Copies of sensitive documents that get thrown out without being shredded
• Improperly stored and locked documents once your return is filed
• Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. Protect Your Taxes from Prying & Spying Eyes
2. Identity Theft Expert John Sileo on 60 Minutes
3. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR

It seems like every day consumers are learning of data breeches from companies like Sega, Sony and Google. Major corporations like these tend to have the funds and resources to recover from an attack, but for small businesses, that’s often not the case.

A slow response and lack of communication with customers are among the missteps many small businesses make when facing an attack, both of which can cause irreparable damage to the business.

“When consumers are a victim of ID fraud based on interaction with a small business, 1 in 3 never come back,” said Phil Blank, senior analyst for security and fraud at Javelin Strategy & Research.

While data breaches hitting major banks and corporations tend to dominate headlines, small businesses are increasingly becoming targets. Hackers like to prey on small businesses because computers and mobile phones tend to be used for both work and personal use, and many small businesses don’t have an IT staff monitoring and protecting operations.

According to Javelin, small business fraud totaled $8 billion in 2010. Of that, banks, merchants and other providers absorbed $5.43 billion of the loss while the cost to victims was $2.61 billion.

Although the first line of defense against an attack is to have proper procedures and policies in place, if it does happen, there are steps that need to be taken immediately to mitigate the impact. The experts advise owners’ first step should be to communicate with customers quickly.

“You don’t have a large amount of time between a hack and when you tell a client,” said Blank at Javelin. That doesn’t mean you have to tell clients within a day of it happening, but you shouldn’t wait a couple of months either. Blank said customers should be notified within a week of the hack. “If people know within a week they have the ability to do something about it.”

To ensure the small business is communicating correctly to the customers, John Sileo, founder of ThinkLikeASpy.com and a professional identity theft speaker, said a small business owner should get professional help, whether it’s a privacy lawyer or a company that deals with data breach responses.

Each state has different laws and regulations pertaining to data breaches and a data breach company will be well versed in the rules governing the states. “This is too big for a small business to handle internally,” said Sileo. “They could end up making some legal choices without knowing it that can get them in hot water.”

Related posts:

1. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR
2. Citigroup Data Breach – How it Affects Your Wallet
3. Sony Data Breach Grows by 25 Million – $1 Billion Price Tag

And like anything with that much power, there are risks. Using this type of syncing and backup service without understanding the risks and rewards is like driving a Ducati motorcycle without peering into the crystal ball of accidents that take the lives of bikers every year. If you are going to ride the machine, know your limits.

This week, Dropbox appears to have altered their user agreement (without any notice to its users), making it a FAR LESS SECURE SERVICE. Initially, their privacy policy stated:

… all files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password. (Quoted from PCWorl)

Currently, the privacy policy says that Dropbox can access and view your encrypted data, and it might do so to share information with law enforcement. Why is that important? Because it means that the encryption keys that keep your files private are actually stored on Dropbox’s server, not on your own computer. This puts the keys to your data (and every other Dropbox user) in the hands not only of Dropbox employees and law enforcement, but vulnerable to hackers. When the encryption key is located on your computer, at least the risk is spread over Dropbox’s user’s network.

But there is an even bigger issue that this exposes about the world of cloud computing in general: anytime your data lives on a device that you don’t own, you lose a certain amount of control over what happens to it. Here is just a sampling of factors that can affect the privacy and confidentiality of your cloud-stored data:

• The cloud service provider changes their Terms of Service (like Dropbox just did) to cover their legal bases, making your data less secure without your even being alerted. This happens almost every week with Facebook, which changes privacy terms constantly. When you log back into your account, you are automatically agreeing to the new Terms of Service (and probably not reading the tens of pages of legal jargon).
• The provider is bought out by a new company (possibly one overseas) or has its assets liquidated (the most valuable assets are generally information), that has different standards for data security and sharing. You, by default, are now covered by those standards.
• The security of your data is weak in the first place. Security costs money, and many smaller cloud providers haven’t invested enough in protecting that data, leaving the door wide open for savvy hackers. SalesForce.com might be well protected, but is the free backup service or contact manager that you use?
• Your data exists in a more public domain than when it is stored on internal, private servers, meaning that it is subject to subpoena without your being notified! In other words, the government and law enforcement has access to it and you will never know they were snooping around. This isn’t a concern for most small businesses, but it is still a cautionary note.

So does this mean we should all shut down our Dropbox, Carbonite, iBackup accounts? No. Does this mean that corporations should not implement the highly scalable, dramatically efficient solutions provided by the cloud? No. It means that both individuals and businesses must educate themselves on the up and down sides of this shift in computing. They can  begin the process by realizing that:

1. Not all data is created equal and that some types of sensitive data should never be placed in someone else’s control. This is exactly why there are data classification systems (I subscribe to those used by the military and spy agencies: Public, Internal, Confidential and Top Secret).
2. Not all cloud providers are created equal and you must understand the privacy policy, terms of service and track record of each one individually (just like you would choose a car with a better crash-test rating for your family).
3. Anything of immense power comes with costs, and those costs must be calculated into the relative ROI of the equation. In other words, the answer here, like most complex things in life, exists in the gray area, not in a black or white, one-size-fits all generalization.

John Sileo writes and speaks on Information Leadership, including identity theft prevention, data breach, social media risk and online reputation. His clients include the Department of Defense, Homeland Security, the Federal Reserve Bank, FDIC, FTC and hundreds of corporations of all sizes. Learn more about his motivational data security events.

Related posts:

1. 7 Steps to Secure Profitable Business Data (Part II)
2. Are You Begging to Get Fired?
3. Information Offense – How Google Plays

In an unrelated article, Mizuho Investors Securities analyst Nobuo Kurahashi estimated the cost of Sony’s recovery from the data breaches to be approximately $1.25 billion:

Kurahashi estimates that the data breach will cost Sony about Y100 billion, or $1.25 billion from lost business, various compensation costs and new investments–assuming that no additional security problems emerge. The cyber attacks on Sony in recent weeks involved the theft of personal data that include names, passwords and addresses from accounts on its PlayStation Network and Sony Online Entertainment gaming services. Sony has also said that more than 10 million credit-card numbers may have been compromised.

The return on investment of Sony simply protecting their customer data properly in the first place would be thousand-fold. But if companies were doing more to protect themselves before the attack, what would we write about?

John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.

Related posts:

1. Sony PlayStation Network User Information Hacked
2. Data Breach Expert Sileo Talks to Fox Business
3. Citigroup Data Breach – How it Affects Your Wallet

PlayStation is a fun game, data breach is not.

As of March 31st, the Sony PlayStation Network has about 77 million accounts. These accounts link users to the network to obtain downloads and access online movies through services like Netflix. While Sony states that not all of the 77 million accounts are active accounts and some individuals have multiple accounts, they are not denying that a breach of information occurred.

The company spokesman, Patrick Seybold, admitted that the hackers not only gained such information as names, addresses, phone numbers, user names, birth dates, email addresses and passwords of registrants; but they are unsure if credit card information was compromised as well. Update: Sony recently announced that an additional 25 million records were breached.

“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” Seybold wrote. ”If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”

Last week Sony shut down their Play Station Network, but did not notify customers until Tuesday that a breach had occurred. This shows negligence on Sony’s part to not notify users immediately that their personal information had been hacked.

Related posts:

1. Sony Data Breach Grows by 25 Million – $1 Billion Price Tag
2. Information Security Speaker: 5 Information Espionage Hotspots Threatening Businesses
3. Facebook’s Zuckerberg Gets Hacked

Opting our of marketing databases is one way to lower your risk of becoming a data breach victim.

So, how do I get out of marketing data bases?

Most databases allow you to opt out of having them share and sell your information, you just need to find out how.  Many sites make it tricky to get this done, but most sites that are selling or harvesting your information allow you to do so one way or another.

The Privacy Rights Clearing House lists 135 marketing data brokers who are selling your private information, and tells you whether or not they have opt-out policies. If they do, you have to go to the brokers’ websites and suppress your name yourself. Most of the sites have hard-to-find opt out pages, but you can generally track them down by visiting the Privacy Policy which frequently appears as a link in small print at the bottom of the home page.

Even if you opt out, unfortunately, most of these sites still retain your information in their databases, meaning that you are still at risk of a breach. But until we have stronger consumer rights governing our private and personal information, opting out is the best you can do.

Related posts:

1. Spokeo Shows Your Home with Only a Name?
2. How to Opt Out of Data Miners and Online Directories
3. Spokeo – Scary Bad & How to Opt Out

Have you been inundated with more spam and phishing emails recently? If so, it may be due to one of the largest email and data breaches in Internet history. Epsilon is one of the world’s largest providers of marketing-email services and they handle more than 40 billion emails annually and more than 2,200 global brands.

Epsilon issued the following statement: “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only.”

The following companies have already sent out warnings (like those below) to their companies: Best Buy, Capital One, JPMorgan, Citibank, Kroger, Barclays Bank of Delware, Visa, American Express, US Bank, TiVo Inc. and Walgreen Co, Robert Half, Kraft, Home Shopping Network, QFC, Marriott Rewards, Ritz-Carlton Rewards, Ameriprise Financial, LL Bean Visa Card, Brookstone, Dillons, the College Board, McKinsey & Company, New York & Company, Disney Vacations, Staples, TIAA-CREF, Verizon, Borders, Smith Brands, Abe Books, Lacoste.

While the statement above says that only names and emails were compromised, experts are saying that both Marriott Rewards and Ritz-Carlton Rewards had member rewards points disclosed, along with names and e-mail addresses. This could give scammers more leverage when they attempt a targeted campaign. The Epsilon data breach not only exposed names, information and e-mails of its clients’ customers, but sent its stock down nearly 7 percent before the news was even hours old.

The stolen information will allow scammers to send authentic-looking email messages that appear to come from a bank or other business with whom the user has an existing relationship. The emails will try to trick people into parting with information such as their usernames and passwords for bank accounts or other online accounts, or they could try to trick people into downloading malware on to their systems. People who don’t fall for such scams should be fine. (ComputerWorld)

So how do you know if you have been affected by this massive breach? Watch out for emails (like the ones I received for being a customer of the institutions below) alerting you to the breach. But observe the following precautions:

• Be on the lookout for sophisticated phishing emails that seem to be sent from your bank or other financial institution. Now that the bad guys have your name AND email address, they can make them very authentic and already know that you bank with that particular institution.
• Keep software protection updated.
• Don’t click on any links within the breach emails you receive, as scammers will undoubtedly send phishing versions in the name of data security to extract even more data out of you. Always retype the known website address (www.USBank.com) into the toolbar. You can also move the mouse over the link to see if the domain name matches the company.
• Make sure that all websites you visit start with https (which signals that it is a secure connection – not a perfect indicator, but better than nothing).
• Don’t give out any sensitive information out via email and be wary about giving it out over the phone.
• If you are ever unsure call the number listed on the company website.

These companies will start to lose customers because of the Epsilon breach, and Epsilon will begin to lose stock value and reputation within the industry. Can you imagin a corporation trusting them with their private data again?

John Sileo speaks and consults to clients about information leadership, including identity theft, social media exposure and reputation management. His clients include the Department of Defense, Pfizer, Blue Cross and Homeland Security. Learn more about bringing John to your organization at www.ThinkLikeASpy.com.

Related posts:

1. Citigroup Data Breach – How it Affects Your Wallet
2. Son of a Breach! 40,000 Student Identities Exposed
3. Data Breach Increases 33% in 2010 and You’re Next

The survey shows that 48% of tablet users transfer sensitive data using the device while only 30% of smart phone users transfer sensitive information. The types of sensitive data included credit card, financial, personal and even proprietary business information. Many factors contribute to the increased risk:

• Users initially bought tablets as book readers and web browsers, but have increasingly added to their functionality with new Apps.
• Tablet computers are in their infancy and haven’t been equipped with the same security features as laptops and desktops.
• Corporate users haven’t yet been trained on securing the data on tablets.
• Tablets are more capable than smartphones, making it a natural laptop replacement, but without the robust, time-tested security.
• Indiscriminate App downloading (covered in detail in the Smartphone Survival Guide) greatly increases chances of accidentally loading malware to your tablet.
• Many companies buy their employees tablets rather than laptops because they are less expensive, more mobile, and have similar capabilities. Unfortunately, they are failing to consider the increased risk posed by the trendy computers.

If you are using your tablet like a laptop (email, accessing bank accounts, transmitting business documents), take the following minimum steps:

1. Turn on password protection to get into the device.
2. Enable remote tracking and wiping capabilities in case the device is lost or stolen.
3. Utilize secure wireless connections only (not free WiFi hotspots in cafes, airports and hotels) to eliminate signal sniffing.
4. Limit the data you store and transmit on your tablet until the security features have caught up with the functionality.
5. Physically lock up the device when not in use. Never leave it on the table at Starbucks like someone did in the photo to the right.

Tablets are a slippery slope – they make computing so user friendly that you start to think it’s a friendly computing world out there. Unfortunately, cyber criminals and your competitors have a different idea. Don’t wait to find out what they can do with your private data.

John Sileo trains organizations to protect sensitive data, including that exposed on tablets, smartphones, laptops and social networking sites. His clients include the Department of Defense, Pfizer, Homeland Security and organizations of all sizes. Learn more about bringing in a Data Security Speaker or contact John directly on 800.258.8076.

Related posts:

1. iPad Vampires: 7 Simple Security Settings to Stop Data Suckers
2. Using an iPad to Your Competitive (and Secure) Advantage
3. Facebook Hits 500 Million Users: 3rd Largest Country

This past week, a New Jersey man admitted to stealing tens of thousands of dollars in government checks from mailboxes. He stole Social Security, tax refund and unemployment checks from November 2009 to April 2010, then recruited people to cash them using fake IDs. Prosecutors say the scheme cost the government more than $70,000. Not only did this criminal have the actual financial refunds from most individuals, but he also had identity information and even social security numbers.

Around this time of year, tax time, people are more vulnerable to Identity Theft. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

• Tax documents exposed on your desk (home and work)
• Private information that sits unprotected in your tax-preparer’s office
• Improperly mailed, emailed and digitally transmitted or filed records
• Photocopiers with hard drives that store a digital copy of your tax forms
• Copies of sensitive documents that get thrown out without being shredded
• Improperly stored and locked documents once your return is filed
• Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

Top Tips for Tax Time Identity Theft Protection Safe Preparation. Your greatest risk of identity theft during tax season comes from your tax preparer (if you use one) either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax-preparers office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

• Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau?
• Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
• Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

• Strong alpha-numeric passwords that keep strangers out of your system
• Anti-virus and anti-spyware software configured with automatic updates
• Encrypted hard drives or folders (especially for your tax preparer)
• Automatic operating system updates and security patches
• An encrypted wireless network protection
• A firewall between your computer and the internet
• Remove all file-sharing programs from your computer (limewire, napster, etc.)

Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password protected PDF documents, though these are relatively easy to hack. Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

• Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
• If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
• If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
• To learn more about IRS scams, visit the only legitimate IRS website, which is www.irs.gov. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service at www.irs.gov/advocate.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

• Walk the envelope inside of the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else to make them safe.
• Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
• Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

Related posts:

1. Tax Time Identity Theft Prevention Tips
2. H&R Block Customers Suffer Tax Time Identity Theft
3. Identity Theft Scam Stole Millions – Pennies at a Time