By Molly McCluskey
After several states suspended e-filing through the popular online tax preparer, TurboTax itself temporarily pulled the plug on its state tax return e-filing services due to security concerns. The company, owned by Intuit (INTU), which also owns QuickBooks, Mint, Quicken and other personal finance and small business accounting products, resumed all regular services the following day. (Disclosure: The author owns a small amount of stock in Intuit.)
Julie Miller, a spokeswoman for Intuit, says TurboTax has enhanced security measures, which includes multistep authentication, similar to the protections used by banks and financial institutions. All state tax departments have resumed accepting returns filed through TurboTax, she says.
Although the interruption sent shock waves through the industry, as many suspected a cyber breach, TurboTax later said that the company's system had not been compromised. Instead, scammers had stolen personally identifiable information elsewhere and used it to file fraudulent returns. "We want to assure our customers and taxpayers generally that TurboTax is safe and secure, and we've taken every necessary and appropriate action to safeguard customers' information," Miller says.
Despite the assurances, TurboTax's troubles confirmed what fraud experts had been saying for years, that filers should be aware that tax returns are prime ground for hucksters and thieves.
Ease of Filing = Ease of Theft
For many Americans, late winter and early spring are just the beginning of the tax preparation process of receiving 1099 and W-2s, gathering receipts, contacting accountants or choosing an online tax preparer. But identity theft expert Steve Weisman, author of "Identity Theft Alert: 10 Rules You Must Follow to Protect Yourself from America's #1 Crime" and "50 Ways to Protect Your Identity in the Digital Age," says many tax identity thieves act on the first day of filing on Jan. 20, when taxpayers are most vulnerable.
"We know the issue: that anyone can steal a Social Security number, file electronically, and all the things that are being done by the IRS and Congress to make things easy for taxpayers are making it even easier for the fraudsters," Weisman says.
And it's not just the IRS and Congress. Many companies strive to ease the burden of filing, and that convenience can come with a price. Taxpayers who file their taxes via mobile, tablets and apps, sometimes on shared wireless networks, need to be especially diligent about their security.
"One of the primary factors of tax identity theft and fraud is that you can e-file behind a computer screen, which is really convenient if you're going to do something illegal," says Matt Davis, a spokesman for the Identity Theft Resource Center. "If you're a victim of tax identity theft, you're most likely going to be a victim of the other kinds."
Preventing Tax-Related Identity Theft
Both Weisman and Davis say that, aside from protecting personal information and Social Security numbers year-round, the single most important step in preventing tax-related identity theft is to file a tax return as early as possible.
"The IRS doesn't independently verify tax returns. They only know there's a problem once they've received a second return under the same Social Security number," Davis says. "If you're the first one in the door, you're going to have your taxes filed correctly. "
Weisman says that once a fraudulent tax return is filed, gaining access to an ill-gotten refund is fairly easy. "Identity thieves are able to file electronically, the refunds are sent either to a bank electronically or via a prepaid debit or credit card, or sent the old way with a check, which can then be fraudulently cashed," he says. In addition to filing early, the Federal Trade Commission offers these tips to prevent identity theft:
Use a secure Internet connection if you file electronically, or mail your tax return directly from the post office.
Shred copies of your tax return, drafts or calculation sheets you no longer need.
Respond to all mail from the IRS as soon as possible.
Don't give out your Social Security number unless necessary.
Research a tax preparer thoroughly before you hand over personal information.
Check your credit report at least once a year for free at annualcreditreport.com to make sure no other accounts have been opened in your name.
And this important reminder: The IRS never contacts taxpayers by email, text or social media, only via regular mail. Any other forms of contact are fraudulent and should be reported.
If Your Information Has Been Compromised
Once a Social Security number has been compromised for tax fraud, it's extremely likely that it will be used for other types of fraud, including credit card and medical. People who have been victims of tax identity theft should take a sweeping response to the theft by notifying their banks, credit card companies, credit reporting agencies and the proper local and federal authorities. Weisman recommends voluntarily freezing credit reports to prevent new, fraudulent accounts from being opened with a stolen Social Security number. Such freezes can be easily removed and replaced for legitimate purposes.
"If you've been a victim of tax fraud, you need to check your credit reports. It's also a good idea to get a pre-emptive police report, and put alerts on all your accounts," Davis says. "Notifying law enforcement at the outset goes a long way to establishing your credibility with anyone you're going to have dispute the fallout of the fraud with."
The good news is there is no shortage of helpful information for tax filers. The FTC offers tips for preventing tax identity theft on its website, as does Weisman's blog, Scamicide.
Taxpayers who suspect they've been victims of identity fraud should call the IRS Identity Theft Protection Specialized Unit at 800-908-4490 with a copy of a police report, the completed IRS affidavit (Form 14039) and state-issued identification. More information can be found in the Taxpayer Guide to Identity Theft on the IRS website.