Americans at Risk of Identity Theft as They File their Tax Returns (betanews.com) 77
Ian Barker, writing for BetaNews: As we move into the tax return season a new study reveals that attitudes to identity theft and a pattern of poor practices are leaving much of the public vulnerable. Data security and ID theft protection company CyberScout has carried out its second annual Tax Season Risk Report and finds 58 percent of Americans are not worried about tax fraud in spite of federal reports of 787,000 confirmed identity theft returns in 2016, totaling more than $4 billion in potential fraud. Among other findings are that only 35 percent of taxpayers demand that their preparers use two-factor authentication to protect their clients' personal information. Less than a fifth (18 percent) use an encrypted USB drive to save important documents like tax worksheets, W-2s, 1099s or 1040s. And another 38 percent either store tax documents on their computer's hard drive or in the cloud, approaches that are susceptible to a variety of hacks.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Nah, I am an undocumented tax payer.
Re:Thankful to the Donald we don't have to file (Score:4, Insightful)
Not paying your taxes makes you smart!*
* Only applies to billionaires. Attempts to apply this to someone in the middle class may result in jail time.
Re: (Score:2)
ask your employer to "hire" you as a "contractor,"
At least in Canada, CRA has some pretty strict definitions of what a contractor is. If you're basically going back to full time employment for one employer, you are not a contractor and CRA will catch that if you're ever audited./p
Re: (Score:1)
So what are we to do? (Score:3)
"And another 38 percent either store tax documents on their computer's hard drive or in the cloud, approaches that are susceptible to a variety of hacks." - really? So, other than a local storage ("hard drive") or remote storage ("cloud"), what other approaches are there to storing documents that are not susceptible to any hacks? Paper printouts? :) This article is brought to you by association of paper manufacturers.
Encrypt your hard drive, choose good passwords for your cloud storage and don't share them with others. Your data is at most risk at your doctors office, btw (where they have all of your personal information, along with SSN and family records). I had 2 notifications of personal information theft from doctor's billing processor's offices in the last 2 years.
Re: (Score:2)
Re: (Score:2)
stored on my primary computer's hard drive. In order to steal them, someone has to come to my house and steal my computer.
All someone has to do is gain remote access to your computer and they have access to your documents. Could happen through a Javascript exploit. Yikes!
No kidding. You'd think someone posting on a site like slashdot would be more familiar with technology than to assume that the only way to steal documents on a hard drive is to physically steal the computer...
scare mongering getting old (Score:4, Insightful)
All these individual security tactics are NOT where the problem lies. You can encrypt your drives, use TFA, and shred all the paper. But thieves steal the enitire DB at Intuit or irs.gov. American attitudes are properly aligned. We don't control the databases where most theft occurs.
Re:scare mongering getting old (Score:5, Insightful)
All these individual security tactics are NOT where the problem lies. ... But thieves steal the enitire DB at Intuit or irs.gov.
You are correct that "individual security" is not the problem, but DBs are not the problem either. The real problem is the idiotic notion that SSNs can be both widely known and secret. I am required to provide my SSN to my employer, my bank, my doctor, my state government, etc. Yet mere knowledge of that number is supposed to authenticate my identity? That makes no sense.
Re: (Score:2)
That's one of my peeves. The SSN is fine as an ID. It is NOT fine as a password, and those people who treat it as such are idiots.
Re: (Score:2)
The SSN is fine as an ID.
Actually, it is not. SSNs are not unique. Many people share SSNs with other people that they have never met, and may not even be aware of. What is unique is the SSN+DOB combination. That is why any government form that asks for your SSN, will also ask for your DOB.
Re: (Score:2)
Actually, it is not. SSNs are not unique. Many people share SSNs with other people that they have never met, and may not even be aware of. What is unique is the SSN+DOB combination. That is why any government form that asks for your SSN, will also ask for your DOB.
Citation needed. The SSA does not re-issue numbers. So far, it has issued 450 million out of about 1 billion numbers, but it hasn't issued any duplicates (although some people have been issued more than one). There were some news reports a while ago about a company that did analysis on databases they had access to and found that some numbers were associated with more than one name, but those were just examples of identity theft or clerical errors. Of course, the media immediately trumpeted "ZOMG other p
Re: (Score:2)
Citation needed.
Citation [wikipedia.org]
Citation [computerworld.com]
Citation [nbcnews.com]
Re: (Score:2)
NONE of those show that the SSA reissues SSNs. The first is the Wikipedia page saying so, the second is a story about two women accidentally given the same number at birth because they share a lot of details in common, and the third is a story about numbers being used by multiple people due to fraud, mistakes, or other problems.
The SSA does not re-issue numbers.
Re: (Score:2)
NONE of those show that the SSA reissues SSNs
Nobody said they did. I said they were NOT UNIQUE. They aren't.
Re: (Score:2)
Not sure what you want me to look at on the Wikipedia article was it this?
However, there have been instances where multiple individuals have been inadvertently assigned the same Social Security number
The reference actually only mentions a single instance of this happening, not multiple as the Wikipedia article says. Yes, that was a case of two people being assigned the same number. However, they also had the same name and same birthday, so your assertion that the federal government uses a combination of S
Re:scare mongering getting old (Score:5, Informative)
Another problem are credit companies who treat identity theft with a shrug and a "that's your problem." Someone obtained my name, SSN, DOB, and address. How, I'll never know. They opened a Capital One credit card in my name. The fact that the mother's maiden name was wrong on the form wasn't a red flag. Neither was the immediate address change to another state. Nor was "my wife" calling to request a $5,000 cash advance before the card was activated.
When the card arrived at my house (a lucky quirk of them paying for rush delivery and THEN changing the address), I called CapitalOne. First, they insisted that it couldn't have been fraud, asking if my wife opened it without my knowledge. (She was next to me, freaking out about the situation. That'd be a no.) Then, they admitted that it might be fraud, closed the card out, but refused to give me more information. They literally told me "If we give you the address on the account and you go there and shoot them, we'd be liable." Apparently, they didn't think anything about liability if they opened an account under my name, ignoring a lot of red flags. They even stone-walled the police - telling them to call one phone number that was "manned" by an answering machine whose messages were never returned.
Eventually, I gave up on trying to push the investigation forward and just froze my credit. For all I know, the thieves who stole my identity are still out there racking up debt on other people's credit.
Re: (Score:2)
I froze my credit records at the three big credit agencies a few years back. Just for anyone's info, you go to their sites and route around until you find out which stupid pet tricks they make you perform to do it. If I recall, two were relatively easy, one was a royal pain in the tookus to find out how. Each charges between $10-$15...back then, dunno what it is now.
If you need credit, you can get them unlocked for a period of time before the lock goes back on. I think it varies between 30-45 days. And of c
Re: (Score:2)
Re: (Score:2)
We froze both of our credit files after the identity theft. It's useful when stores try to pressure you to "save 5% now if you just sign up for our card." Nope. No can do. My credit's frozen due to identity theft. That shuts them up real quick. On the down side, though, we gave up on refinancing our mortgage a couple of years ago even though we could have saved money. It was too much of a headache to thaw our credit, get the mortgage quotes, and try to get everything signed before the freeze took effect aga
Re:scare mongering getting old (Score:5, Interesting)
Reality is "Identity Theft" is a purposeful lie produced by public relations and marketing agencies to push the burden of the crime from the banks to individuals. It is a lie. The reality is the fraud is not against the individual the fraud is against those who accept that false identity. Why the shift, so you the ignorant mug punters get stuck with the loss and the banks wander off laughing.
The truth is, when you get hit by a false claim, you are entitled to seek the prosecution of those who attempted to make that false claim. By any reasoned justice those who made the false claim against you must now prove they were defrauded by another party, else be charged with fraud themselves. It should never ever be up to you to prove anything, you should just be able to forward a complaint of false fiscal claims against you as fraud to the authorities and let them deal with it.
Of course the banks would end up with the bill, hence the scam of identity theft, where you the innocent party and now liable for the corrupt stupidity of the banks until you can prove your innocence, can you not see the criminal corruption in that.
Re: (Score:2)
Put the liability for improper identity verification on the financial institutions and watch the problem get fixed real fast.
I know it's not done because of cost, but identity verification really should be done in-person. You verify their government issued documents, maybe confirm some biometrics and if someone is trying to commit fraud you have them right there for the police to apprehend.
Re: (Score:2)
Re: (Score:2)
https://www.irs.gov/individual... [irs.gov]
by signing up at the above (well in advance of the return due date, it's likely too late to ask for one for your 2016 return), it essentially functions as a password for your return
I suspect (Score:3)
they can't hack the paper forms I mail in.
Re:I suspect (Score:4, Insightful)
they can't hack the paper forms I mail in.
They can as soon as the forms are scanned, and your info is inserted into the same DB as everyone else.
Re: (Score:2)
they can't hack the paper forms I mail in.
Right. Because no one with access to your mail would ever possibly read it.
Mathtime (Score:2)
Re: (Score:2)
787000/330000000 = less than a 1:500 chance.
Most households only file one return. Last year there were about 140M returns filed. So the chance is actually about 1:150 ... and those are only the confirmed cases.
Re: (Score:2)
IRS PIN (Score:2)
Paper tax return (Score:2)
Not just because it's much less likely to be hacked. I just want the IRS to feel some pain trying to read my chicken-scratch handwriting to make up for what I feel when handing them my money.
IRS motto: We've got what it takes to take what you've got.
Re: (Score:2)
So you make it harder for yourself... in order to put more burden on an agency that's funded by YOUR tax dollars. WTF kind of immature logic is that?
Re: (Score:2)
So you make it harder for yourself
It's not really harder to fill out the forms by hand. And its an issue of the vulnerability of electronic filing that I am concerned with. Somebody has to key in the figures, so it might as well be done by the IRS rather than me. What makes life easier for them also makes it easier for the scammers.
We have to stop thinking of ourselves as being subservient to our bureaucratic overlords.
Re: (Score:2)
Not an issue for Greeks and major companies.
True, I think the ancient Greeks will not be affected by this. However, lot's of Seagate employees (and employees of other major companies) will disagree with you.
shared knowledge (Score:2)
Re: (Score:1)
Re: (Score:2)
Many people in the UK don't do a tax return and their tax is exactly correct at the end of the year.
This is accomplished in several ways: 1. Just like the USA, employers and other entities send data to HMRC. 2. Many allowances are limited to basic rate tax, so the amount of the allowance doesn't change based on income. 3. Interest and dividends are taxed at source. and probably the most significant difference: 4. Employers calculate tax to be deducted on a rolling basis (taking account of prior income and t
Re: (Score:2)
Then congress should quit trying to do their social engineering through the tax code and remove all those deductions, the only thing I can see there that would require any input from the taxpayer is "received money from a friend/relative" and I'll guarantee 99% of such transactions go unreported anyway. If congress wants to encourage having children, or home ownership, or having solar panels, or being a blind railroad worker, let them make a direct appropriation and send checks to the people who they decid
old guy here (Score:2)
I still file mine hardcopy in the mail since the 20th century. So no worries of internet hacking.
Actually one concern is throughout the years there have been staff cuts at IRS, and probably more soon. A friend who has a accounting/taxes business says Fresno office used to have a couple auditors that were good to work with (yes, not all tax audits are perilous, occasionally they want to review certain returns). So maybe filing hardcopy might soon be a thing of the past as less competent people to deal with
Fraudulent 1040 filed for me last year (Score:3)
Re: (Score:2)
I already filed, (Score:2)
but if I hadn't, they'd have been welcome to pay what I owed.
Re: (Score:2)
but if I hadn't, they'd have been welcome to pay what I owed.
I'm pretty sure the criminals filing false returns are also using false data so they can get a false refund.
W2 Spearphishing (Score:2)
I'm seeing a lot of W2 spearphishing.
Note the return domain CORNPANY.com not COMPANY.com.
just do the prez... (Score:2)
Seriously? (Score:2)
Another reason to scrap the income tax (Score:3)
Everyone understands that taxation creates a disincentive for particular behavior, which is precisely why tobacco is taxed at such ridiculous levels. Why the hell do we tolerate a tax system which creates a disincentive for working and producing things?
Eliminating the ridiculously complex, multi-thousand page income tax code also gets rid of the government's favorite and most convenient mechanism for handing out favors to wealthy special interests. It creates an incentive for businesses to invest in the U.S. & makes U.S. goods more competitive vs. imports