It’s an unspoken truth, but not all mail is equal.
Birthday cards from mom and dad get opened immediately. Credit card offers never do. Envelopes marked “Important Tax Information” are tossed into a pile to be dealt with later when I finally sit down to tackle my tax return.
But a letter from the Internal Revenue Service, well, that moves to the top of the must-read list. Sorry, mom and dad.
I received such a letter on March 9, 2016. Someone had taken the liberty of filing a tax return on my behalf. And while I dread doing my taxes every year and would love for someone to do it for me, I’d prefer to have my refund deposited into my bank account, not someone else’s.
The letter explained that the IRS had received a tax return using my Social Security number, but the return listed a different name and bank account number than what was included on my past returns. What had been an abstract notion of identity fraud now had a name – and it was mine.
I had unwittingly joined an ever-growing community of victims of tax fraud. I never learned where or how my Social Security number was exposed, but I’m grateful the IRS flagged the fraudulent return. According to Duke’s IT Security Office, the IRS stopped 787,000 confirmed identify theft returns totaling more than $4 billion in the 2016 tax season.
After considerable hassle and many headaches, I managed to file my own return and set up precautions to secure and monitor my credit going forward. I was also educated by the experience on what steps I could take to avoid being a victim of identity theft again.
Our information is more exposed than we would like. Major data breaches at companies like Equifax, Target, T.J. Maxx, Sony, eBay and countless others means there’s a pretty good chance your Social Security number is in someone else’s hands. So, it’s best to know how to protect yourself and monitor your accounts.
Our friends in Duke’s IT Security Office are helping to thwart cybercrime. One of the most common ways hackers gain access to personal information is through phishing email messages designed to look like legitimate requests to log-in to a website or submit personal data. In just over a month between December and January, the IT Security Office identified about 35,400 phishing emails sent to Duke email accounts.
Cara Bonnett, senior IT analyst in Duke’s IT Security Office, said Duke sees an increase in phishing emails during tax season.
“Hackers will try to send in tax returns using stolen Social Security numbers before people have a chance to file their own returns,” she said. “So, it’s in important to file your return as early as possible.”
Here are a few other tips from the IT Security Office to protect yourself against tax fraud:
- Register with the IRS to receive a PIN number each year for your filing.
- Sign up for an account at irs.gov (before the bad guys do).
- Consider putting a freeze on your credit reporting agencies or using a credit protection service. You can always temporarily lift the freeze if you are applying for a loan or other credit.
If you have young children, Bonnett suggested freezing their credit, too. “Hackers like to use the Social Security numbers for children because those are less likely to be discovered for a longer period of time,” she said.
Duke is continually enhancing security measures as threats evolve. Most recently, the University required multi-factor authentication to access the Duke Virtual Private Network, which allows you to create a secure connection from your computer to Duke over a public network while working remotely. Multi-factor authentication and password managers such as Last Pass are among the top recommendations for securing your information.
If your identity is stolen, you should promptly report it to the Federal Trade Commission, which provides a road map for a recovery plan. But the best plan is the one that prevents others from being able to commit tax fraud against you in the first place. Take it from someone who learned the hard way.