Feature Article
Mark Pribish
ID Theft, Your 2011 Taxes and Your Tax Preparation Service Provider
By Mark Pribish
Vice President and ID Theft Practice Leader

According to a January 12, 2011 Privacy Rights Clearinghouse (PRC) posting on "Tax Season Tips to Protect Your Privacy" - your information return form is a primary target for identity theft thieves who are committed to stealing your sensitive information including your Social Security Number.

You can read more at PRC here on how information returns (which typically come from employer groups and financial institutions to report income and property transactions to the IRS), contain your full Social Security Number and other sensitive information.

That said, an emerging trend from identity theft thieves is to steal Social Security Numbers and tax return information from your tax preparation service and to file false tax returns - so I have prepared a checklist on how you can complete a basic due diligence review on your tax preparer or tax preparation service including:

  • Make sure your tax preparation service company conducts background checks on its tax preparers.
  • Use a tax preparation service that has an up-to-date Information Security and Privacy Policy - which means your tax preparer is more likely to be responsible in safeguarding your tax return information.
  • Research professional experience, certification(s), continuing education, and privacy policy. There have been a number of cases in which identity theft has occurred after consumer information was breached through the negligence of tax preparers.
  • You should be aware that your tax return includes sensitive and personal information that identity thieves steal - including your name, address, and Social Security Number, along with your dependent's names and Social Security Numbers, bank account number and other financial account information.
  • You should be aware that the FTC continues to report identity theft as one of their top complaints - and yet state and federal government agencies continue to be a source of data breach events since they require Social Security Numbers on state and federal documents, while continuing to exhibit lax information security.
  • You should be aware that your Social Security Number and the Social Security Numbers of your spouse and children are linked to your current and former employers, healthcare providers (doctor, dentist, hospital), health care insurance carriers (medical/dental insurance), insurance agents (home, auto, and life), educational institutions (students, parents and alumni), and financial institutions - and that NO ONE COMPANY can PREVENT you from ever becoming a victim of identity theft.
  • You should know that not every tax preparer can represent you before the IRS. Only a tax preparer that is an enrolled agent (EA) or certified public accountant (CPA) can represent you before the IRS relating to prepared taxes that they did not prepare.

Since identity thieves are targeting individuals and tax preparation service providers (including information returns and tax returns), the Internal Revenue Service has a link (please see here) where you can learn more about suspicious emails and identity theft scams.

To conclude, be safe and secure in filing your 2011 taxes.

To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Central

Secure Wi-Fi Hotspot Education

Internet access has truly become a daily necessity. Just as some people cannot function without their morning coffee, some people cannot function without access to the Internet. For some, the Internet has become so addictive that they are unable to go more than a few hours without access. For those types of individuals, a mobile device with Internet access is the answer. However, depending on the type of data plan you have, being in constant contact with the Internet can be an expensive addiction. You may remember the California teenager who racked up $22,000 on his phone (read the full story here). If you would like to avoid a huge phone bill, free WI-FI access may seem like an ideal solution. However, users of free WI-FI should take special precautions. Using unencrypted free WI-FI hotspots and accessing unsecure websites can put your personal information at risk.

How It Works:

There are many places where you can access the Internet for free. You may find one of these places, generally referred to as "hotspots" at hotels, airports, restaurants, coffee shops, libraries, bookstores, etc. as many businesses consider free WI-FI a draw for customers. If you go in and use their free WI-FI service, you may be tempted to purchase something. However, many of these hotspots are not using encryption and that can leave your information vulnerable to any eavesdropping identity thief.

When you use an encrypted network, your information is scrambled as it flies through the air, making it extremely difficult for any eavesdropper to identify the information coming across, whereas an unencrypted network sends your data exactly as is. If a savvy snooper is able to capture your unencrypted data, they can read it and thus they may snag your username, password, credit card or bank account numbers, and many other pieces of personally identifiable information that you certainly would not give out freely.

Your Defense:

When you use a free WI-FI hotspot, make sure the network is encrypted. According to an FTC Consumer Alert (click here to read the full alert), there are a couple of ways to determine if your hotspot is secure:

  • "If a hotspot doesn't require a password, it's not secure."
  • "If a hotspot asks for a password through your browser simply to grant access, or it asks for a WEP password, it's best to treat it as if it were unsecured."
  • "You can be confident a hotspot is secure only if you are asked to provide a WPA password. If you're not sure, the information you enter could be at risk. WPA2 is the most secure."

If the hotspot you are currently attached to is unsecured, your best defense is to only use websites that you know are encrypted. Look for sites whose address starts with "https" rather than just "http". Also, look for the lock icon on your browser's toolbar when on a webpage as these sites are encrypted. If only the login pages are encrypted, log out and do not continue to use that site while on an unencrypted hotspot.

The FTC also gives some suggestions for protecting your personal information while using any public hotspot.

  • "When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. And keep in mind that your entire visit to each site should be encrypted - from the time you log in to the site until you log out. If you think you're logged in to an encrypted site but find yourself on an unencrypted page, log out right away."
  • "Don't stay permanently signed in to accounts. When you've finished using an account, log out."
  • "Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts."
  • "Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and take the extra minute or so to keep your browser and security software up-to-date."
  • "If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can obtain a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees."
  • "Some Wi-Fi networks use encryption: WEP and WPA are the most common. WPA encryption protects your information against common hacking programs. WEP may not. If you aren't certain that you are on a WPA network, use the same precautions as on an unsecured network."
  • "Installing browser add-ons or plug-ins can help, too. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They don't protect you on all websites - look for https in the URL and the lock icon to know a site is secure."

To conclude, WI-FI hotspots are a huge convenience, but they can leave your information vulnerable if you don't take the necessary precautions to keep your data safe. Surf wisely.

If you believe your identity has been stolen, call 866.SMART68 today.