It seems to happen each year. I eFile a completed tax return and receive a notice that the eFile was rejected because another return has already been filed with that social security number. Each year, thousands of people become the victims of identity theft and fraud. Whether claiming someone else’s refund, opening a loan or taking money out of a bank account that isn’t theirs – it seems that crime pays and that money is what drives thieves to steal your identity and commit fraud.
What can you do about it? Here are some steps you can take to make it a little bit harder for the bad guys.
Freeze your credit report at each credit reporting agency.
Freezing your credit report prevents people with your identity information from opening loans or credit cards in your name. A lending institution will not issue the credit when an account freeze is in place. When you need it, you can unfreeze your account to obtain the credit you need and then lock it again afterwards. You can also create credit reports for your children and lock them too.
Request an Identity Protection PIN from the IRS.
After a fraudulent tax return is filed using your information, there is a lengthy process to report the fraud and the IRS will issue identity protection PINs that must be included when filing return or the agency will not accept them. You don’t have to wait to become a victim. You can request one from the IRS website now. The agency will send you a new PIN every year to include when filing your return. Don’t lose the PIN and make sure you provide it to your CPA at tax time. Having an identity protection PIN helps prevent thieves from claiming a refund to their bank account at your expense.
Setup your Social Security Administration account online.
Another way thieves attempt to gain at your expense is to request Social Security benefits using your information. The funds go to their bank accounts and you may not even know it has happened. One way to help prevent this is to set up your online account at the ssa.gov website. If your account is already setup, thieves can’t open one before you.
Use pass phrases and different pass phrases at each account.
Remembering all of our passwords can be hard. I know I personally had to reset a few passwords for services I don’t access frequently just this week. Because it becomes hard to remember every password, people often become complacent and use the same password for everything. Having only one password is not good advice. Because data leaks happen, it is best to have a different password for each account or service. Better still is to use pass phrases instead of passwords for each account or service. Some sites require a certain length, special characters, numbers and capital and lowercase letters which makes it even harder to remember. When you sign up for a new The Flintstones fan page, rather than setting up a password such as “Fl!ntst0ne” you should think of a phrase related to the account you are setting up such as “Wilma.I’mHom3”.
You should also make sure that your banking and financial account passwords and pass phrases are different from all the passwords and phrases you use.
Turn on multifactor authentication.
Another way to help protect yourself is to use multi-factor authorization on the accounts. After inputting your newly minted strong pass phrase, you can have the service send you a text or email with a number to use to prove that it is you that is accessing the account. Experts seem to recommend use of text over email for multi-factor authorization as you have to have the phone in hand to receive the text whereas your email could be accessed from anywhere.
Consider using a password manager.
If it is too hard to remember all of your passwords and phrases, consider getting a password manager to assist rather than reverting back to simple passwords. These are secure tools that keep track of your passwords and phrases and keep them private while allowing you to login with a master password or phrase. These are available for phones and for your computer.
Ensure the websites are secure before you input your information.
Making sure that the website you are visiting is the correct one before you begin to type your information is also important. Look for the padlock symbol next to the website address to show the site is secure and verify you are at the correct place.
Question your email.
Spam blockers filter out millions of emails a day but spam, junk and phishing (posing as something else to obtain your credentials) messages still get through. Before clicking on anything in the email, use common sense – are you expecting this “your account has been locked” or “we have detected fraud” or “_________” email. If not, tread cautiously. Hover over the sender’s email address and see if it is coming from who it should – “PayPal Support (firstname.lastname@example.org)” is probably not from PayPal as they don’t send email from a gmail address. You can stop, report the message and then mark it as spam or phishing, delete it and move on. You can also do the same with links in the message – are they taking you to the anticipated site? If the message purports to be from someone you know and seems weird, call them and ask if they sent it.
Avoid online personal trivia games or questionnaires on social media and other sites.
While these may be fun to see the promised result, be it your personality type, how you will die, etc., these “games” are often used to help gather personal information about you that can be used to create fraudulent accounts in your name. Be wary of anything that ask questions about your birthday, month, year and/or any of the questions you might see when setting up security questions.
This blog allows you to experience the raw, gut wrenching drama of human conflict through accounting in each of its three stages: preparing to do battle, the thrill of victory and the agony of defeat.