What You Can Do If You Become the Victim of Identify Theft Involving Your Tax Return:
In the event you have been a victim of identify theft, we suggest taking the following steps to protect yourself and your information. The following steps are best practices suggested by the IRS, in addition to some of our own best practices regarding information safety.
Steps to take Immediately:
Check your Credit Report:
Contact Experian, Equifax, or TransUnion, or visit AnnualCreditReport.com:
Equifax: https://www.equifax.com/personal/credit-report-services/ or 1-800-525-6285
Experian: https://www.experian.com/fraud/center.html or 1-888-397-3742
TransUnion: https://www.transunion.com/fraud-alerts or 1-800-680-7289
Request that all three credit unions send you credit reports, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Thieves may hold stolen information to use at different times. Checking your credit reports periodically can help you spot problems and address them quickly.
2. Consider Placing a Fraud Alert or Credit Freeze
Call any one of the three credit bureaus to place a fraud alert on your account. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days and can be renewed.
You also may want to consider contacting the major credit bureaus at the telephone numbers above to place a credit freeze on your credit file. A credit freeze means potential creditors cannot get your credit report. That makes it less likely that an identify thief can open new accounts in your name. The cost to place and lift a freeze depends on state law. Find your state Attorney General’s office at naag.org to learn more.
If you do place a freeze, be ready to take a few extra steps the next time you apply for a new credit card, cell phone —or any service that requires a credit check.
3. File a police report for identity theft.
If you find suspicious activity on your credit reports, or have reason to believe your information is being misused, file a police report. Get a copy of the police report; you may need it to clear up any fraudulent debts. If your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to get recovery steps and to file an identity theft complaint. Your complaint will be added to the FTC’s Consumer Sentinel Network, where it will be accessible to law enforcers for their investigations.
What You Can Do in the Upcoming Months:
Verify the Validity of Communications
a. We do not know the extent of the information the filers may have. Use caution when receiving phone calls, letters, or emails asking –or demanding – you to take action in some way.
b. The IRS cautions; “Don’t believe anyone who calls and says you’ll be arrested unless you pay for taxes or debt — even if they have part or all of your Social Security number, or they say they’re from the IRS.” The IRS and Social Security Administrations will not call you.
c. Use your gut. If a person calls claiming to be from a trusted company, and say you need to take action immediately to avoid consequences, it is probably a scam.
d. One way to verify phone calls, is to ask for the name and department of the caller within the larger company and ask to call them back at a later time. Then, ignore the phone number they give you and find a trusted phone number for that company. Credit card companies list their corporate number on the back of cards, banks provide their number on bank statements.
e. If nothing else, go to their website and find their corporate number. You may then call the trusted number, give a brief description of the phone call you received, and either ask the receptionist to transfer you to the person who called you, or submit a report to their fraud department. Use caution even when receiving written communications.
f. If you receive a letter in the mail asking you to provide information regarding an account, use your best judgement. If something seems off, find the company’s phone number on their home website to verify the validity of the letter, or speak with a trusted representative.
2. Password Protect or censor sensitive information in an email.
a. Email is a wonderful tool that has changed the way the world does business. As great as it is, it is not a secure form of communication. We strongly suggest refraining from sending any sensitive information or documentation over email without first securing or censoring the information.
b. Due to the nature of our business, we often need to send or receive sensitive information via email. In those cases, we will do one of two things; If the information is contained in the body of an email, we censor or obstruct large portions of the number. For example, we would list a bank account number as xxxxx1234. This method works best when the other party has access to the full number and only needs to confirm we are using the correct number.
c. If we need to include complete numbers in an email, we attach a password protected document containing the information to the email. When using this method, provide the password to open the document over the phone or through an outside source.
d. Once again, please only send information via email if you know exactly who is on the receiving end and how they will use your information.
3. Best practices for keeping your information secure:
a. Run anti-virus, anti-malware, and anti-spyware software on your computer. They are not always the same thing. Talk with your local IT professional to see if you are protected, and to what extent.
b. Your phone is a hand-held computer. Make sure to periodically run scans on your phone as well. Search the app store for variations of trusted software and do your research.
c. Change passwords and security questions on a regular basis – we suggest at least once a year. Computer logins, bank log-in information, everything you can think of. Use a different password for each account.
d. Where applicable, opt for two-factor authentication. These accounts will send an authentication code to your phone or email before they allow you into the site.
e. Only use secured or verified websites when browsing your computer. Google Chrome, FireFox, and internet explorer designate secure websites with a small lock icon just to the left or right of the address bar.ne other way to designate a secure connection is to look at the beginning of the web address. Does it start with http:// or https://? If it has an ‘s’ it is secure. ‘S’ for secure.
f. Disable remote-access to your computers. Websites like ‘LogMeIn’, ‘GoToAssist’, and ‘ShowMyPc’ can be useful tools for IT professionals, but they also present a unique and dangerous opportunity for hackers to access your desktop from anywhere in the world. Do not download these kinds of software unless instructed by a known and trusted IT Professional. Uninstall these kinds of software as soon as you are able.
g. Consider shutting down computers when not in use. This practice will not only secure your data, but will also save electricity.
☐ Know your sender. Before opening/taking any action, verify the validity of letters, phone calls and emails. Email spoofers are creative and deceptive. Remember: The IRS will never call you and even letters should be verified. You may bring them to us to research.
☐ Limit access. Password-protect or censor sensitive information in emails.
☐ Request Reports. Check your Credit Report periodically.
Best Practices for Internet Security:
☐ Anti up. Run computer anti-virus, anti-malware, & anti-spyware scans, including on your hand-held devices and phones.
☐ Passwords: Change passwords and security questions often.
☐ Add verification. Opt for two-factor authentication where applicable.
☐ Https. Practice safe browsing with secure, verified website connections.
☐ Lock-out access. Disable remote-access to your computers.
☐ Check the power. Power off computers when not in use.
If a Victim of Identify Theft:
☐ Contact Credit Bureaus. Place a Fraud Alert. Consider Credit Freeze. Request a copy of your credit report.
☐ Contact Police. File a police report for Identity Theft.
☐ Change passwords again.