Now is the time to be extra vigilant when it comes to protecting your identity. In the time of COVID-19 cyberattacks are on the rise. Scammers and fraudsters are taking the opportunity to call, text and send emails en masse in the hopes that it will sneak through, especially with all of the communication from legitimate businesses regarding the coronavirus.
Originally, this post was going to be specifically about identity theft as it relates to fraudulent tax returns (this original content is below and still holds true) but given the uptick in other scams, we’ve modified it to include some information about additional phishing scams that are being reported.
The FBI is warning of a significant increase in cyberattacks, especially in the three states most hard-hit: California, Washington, and New York. With the majority of the population staying at home, a considerable amount of work is being conducted remotely.
In a Forbes article dated March 21, 2020, Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, advises people working from home to “double-check the authenticity of any incoming messages, emails or phone calls,” and to be particularly prudent “when someone is trying to extract any data from you in an emergency, pretending there is no time to convincingly explain the context.”
Forbes has also compiled an on-going list of COVID-19 online scams.
Some of the current COVID-19 cons include:
- Communications about how to get your COVID-19 assistance check or money from the government
- Fake charities and donation crowdfunding websites
- Companies that are selling products they claim cure the virus (the FTC & FDA called out seven businesses, which are listed in the above link)
- Fake COVID-19 treatments being posted on Craigslist
- Coronavirus domain names that could, if visited, infect user’s computers with malware
- Malicious mimicked websites especially the Johns Hopkins COVID-19 global map, which is being referenced by millions daily
- Downloadable apps or attachments that install malware via websites or email
- Phishing emails purporting to be from the Center for Disease Control (CDC) and the World Health Organization WHO
- Calls from banks and credit card companies claiming customers are overdrawn and need to immediately submit payments, or that suspicious activity has been noted
- Emails from services you use, such as Netflix, Amazon, DoorDash, etc. asking to update your payment information with a button or link to do so from within the email
The Federal Trade Commission (FTC) has a detailed list of how to avoid becoming a victim of coronavirus scams as well as advice for working from home securely, which include securing your WiFi network, using strong passwords and changing them frequently, shredding all sensitive documentation or anything with personal information, and keeping your security software up to date. The FTC has information on other non-COVID-19 phishing scams as well as how to recognize them, how to protect against them, and how to report them.
Although the deadline to file and pay 2019 income taxes has been pushed out to July 15, 2020, it is still wise to file sooner versus later if you are due a refund. Annually as April 15th approaches, identity theft increases as thieves file fraudulent tax returns to get a piece of the $450 billion in estimated tax refunds issued by the Internal Revenue Service (IRS).
$450 billion is a very tempting amount and those with nefarious intentions are gearing up to get their piece of the pie. Social Security Numbers (SSN) are only piece of information needed by identity thieves to file a false return. And, since most people in the United States have had their personal information—including their SSN—compromised in one of the numerous data breaches, the majority of us are at risk.
The good news is, the IRS is getting more adept at pinpointing fraudulent tax returns. The number of false tax returns processed by the IRS have decreased by 65% between 2015 and 2017 but some do still slip through the cracks. Why? The main reason is the Internal Revenue Service has a procedure to process returns within 21 days of receipt, often well in advance of them having W2’s in their possession. That is why thieves file early, in the hopes that they can beat you to the punch and get their counterfeit refund processed before the IRS has all the necessary documentation.
There are ways to minimize theft of your identity and fraudulent tax returns in your name.
- Subscribe to an online monitoring service. These companies scour the Internet and dark web in search of your personal data, informing you of potential issues. They can also assist you in resolving identity theft issues should you become a victim.
- File your tax return early, especially if you expect a refund.
- Vet your CPA. Be sure they are legitimate before you entrust them with your most sensitive information.
- Do NOT give out ANY personal information to a person who calls you claiming to be from the IRS. These imposters are clever, using a number from Washington D.C. and providing a fake badge number to lure people into sharing Personally Identifiable Information (PII). PII includes birth date, mailing address, or other seemingly insignificant details that could be used to submit a false refund claim. The IRS will never call, text, or email. If you receive any such communications, report them to firstname.lastname@example.org.
- Don’t overshare your SSN. Don’t provide your SSN to doctors, dentists, or any other business or provider that absolutely does not require it.
- Change online passwords once every 90 days.
- Request your free credit report, one from each of the credit bureaus, every four months. Monitoring this information is critical to detecting identity theft early on.
- Beware of what you share especially when you are in public. Identity thieves can easily overhear information you give to someone at a checkout counter.
- Immediately establish fraud alerts on all your credit accounts and at the three credit bureaus if you suspect your identity has been compromised.
- Set up your account at IRS.gov before someone else does.
If you receive a phishing email, forward it to the Anti-Phishing Working Group at email@example.com. If you received a scam text message, forward it to SPAM (7726). Report all phishing attacks to the FTC at ftc.gov/complaint.
Closely guarding our personal information is a reality in today’s now very virtual and interconnected world. Being watchful for anything suspicious, monitoring the Internet for misuse of personal data, and reporting any instances to the FTC and other applicable organizations can be instrumental in thwarting would-be thieves.