The number of people affected by data breaches has reached unprecedented levels. Now, with the peak of the tax season, identity thieves are especially eager to cash in on others' personal information. Related: 6 factors impacting identity theft risks |
Millions of compromised personal records
The Equifax credit bureau breach last year exposed the personal information of 145 million consumers. Yahoo announced that all three billion of its accounts were hacked and car service Uber admitted in 2017 that the data of 57 million customers was compromised the previous year. With access to Social Security numbers, names, addresses, dates of birth and other private information, data thieves may have all the information they need to file phony tax returns and pocket those refunds. And once that data is on the Internet, the threat lasts for years. The bad news doesn't stop there. Big breaches make headlines, but identity thieves also target consumers and Main Street businesses directly to steal personally identifying information. Hartford Steam Boiler surveyed U.S. consumers and found that one in three had been hacked in the past year. A separate HSB survey of small and mid-size businesses nationwide showed that more than half had experienced a cyber attack and almost one-third had a data breach. Most people store financial and tax information on their computers, and businesses keep personal and tax records on employees, vendors and contractors. This data makes them vulnerable to cyber criminals who can use the information to steal state and federal tax refunds. Related: Threat from cyber hackers is growing, U.S. grid regulator says |
Billions of dollars claimed in fraudulent tax returns
This particular type of tax fraud, known as stolen identity refund fraud, is a serious problem. The Internal Revenue Service reports that in 2013 alone, more than five million tax returns were filed using stolen identities, claiming approximately $30 billion in refunds. Of that total, the IRS was able to stop or recover more than $24 billion. The IRS and the tax industry launched a public/private effort in 2015 to crack down on identity theft tax fraud and by 2016 it had stopped 883,000 tax returns with links to identity theft, a 37 percent drop from the year before. Additional safeguards were announced for 2018. |
Arrests and prosecutions can't stop all tax crime
The arrests and prosecutions for stolen identity refund fraud continue, however, as criminals cash in on the easy availability of personal information to file fake tax returns. Consider that: |
- A man caught on a college campus had 32 debit cards in other peoples' names and 100 stolen identities on his laptop. The IRS said each card was used in an attempt to get a tax refund.
- Another convicted criminal used stolen personal data to file more than 200 fraudulent tax returns requesting approximately $1.2 million. He had notebooks filled with individuals' personal information.
- The owner of a cash checking store cashed more than $11 million from over 2,000 fraudulent tax refunds. Police said he used the money to buy cars, a cargo ship and rights to an album recorded by a prominent hip hop artist.
Related: Cyber insurance claims: What happens when a breach occurs |
Scams, schemes and stealing from the dead
Personally identifying information used to claim tax refunds can be stolen in many ways, including telephone scams, hacking, phishing schemes, the theft of physical records from hospitals and nursing homes, even information on prison inmates and dead people. Often, a taxpayer discovers the tax fraud when attempting to efile his or her return, only to find out that a return has already been filed. Some taxpayers get a letter from the IRS, stating that it had identified a suspicious return using their Social Security Number. If you receive an IRS notice about suspicious activity, respond immediately. The IRS points out that any letters from the agency have a number identifying the correspondence, which you will be asked to provide when calling. Don't fall for phone or email schemes in which criminals claim to be from the IRS and ask for information. The IRS would not call to threaten a lawsuit or arrest. And the agency would not email or text taxpayers to request information, or contact them on social media. Related: 5 best practices to avoid a costly data breach |
Pay your taxes and file early
If your Social Security Number is compromised, or you suspect you are a victim of stolen identity refund fraud, continue to pay your taxes and file your tax return, even if you must do so with a paper form. It's recommended that you file your taxes as early as possible this year. Don't wait until the April 15th deadline: Identity thieves can't file and claim your refund if you have already done so. Follow these guidelines to help prevent help tax-related identity theft: |
- If you file your tax return online, do so from your home or a secure network. Don't file your return electronically from a public Wi-Fi network, where hackers could steal your information.
- Keep home operating systems current with the latest security patches. While appropriate defense systems vary greatly based on the system, a simple preventative measure includes turning on the automatic update feature in many of your security programs.
- Double-check the security of your home computer network and other connected devices. Protect your computer network by using strong passwords and change them often.
- Closely monitor mailed financial documents. Criminals look for W-2s, tax refunds or other mail containing financial information. If it looks like mail has been previously opened upon delivery, contact the IRS immediately.
- Use a secure mailbox. If you're filing by mail, post your tax return inside a post office facility. If that's not possible, drop your tax return at an official postal box instead of your mailbox at home. And remember — criminals have been known to steal mail from outdoor boxes.
- Check your homeowners insurance policy for identity theft coverage. Agents and brokers should help educate clients about the risk of identity theft and the need for insurance protection.
- Insurers should include identity theft coverage in their policies. Personal lines coverage can include online fraud, ransomware and other threats, while data breach and cyber insurance should be standard coverage for small and large businesses.
Related: Not all data breaches are created equal |
Education, prevention and insurance protection
Tax fraud is a leading cause of identity theft insurance claims. The risk of identity theft and fraud increases for the millions of Americans who rush to file near the annual deadline of April 15. It's important for insurance professionals to help make our customers aware of the exposure and offer meaningful insurance coverage and services. Timothy Zeilman is vice president and counsel for strategic products for The Hartford Steam Boiler Inspection and Insurance Company (HSB). He can be reached by sending email to [email protected]. Any opinions expressed here are the writer's own.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now