Skip to Main Content

Identity thieves may wait to use stolen data during tax season

Thursday, February 6, 2014

Identity thieves may take advantage of tax season by filing false tax returns with their victims’ stolen personal information in order to benefit the suspect, warns a data security proponent at the University of Georgia. 

“During tax season, identity thieves are quick to file returns and get refunds from the government that will cause a legitimate taxpayer’s refund to be denied as a duplicate return,” said Laura Heilman, a security awareness training and education manager in the university’s Enterprise Information Technology Services (EITS) office. “The legitimate taxpayer then takes on the burden of proving they are who they say they are and an identity thief was the fraudulent filer.”

According to the U.S. Government Accountability Office, fraudulent tax refunds claims associated with identity theft reached $12.1 billion in 2012 — an upward trend in recent years of such criminal activity. Tax-related identity theft and fraud is expected to reach an all-time high as people begin to file their tax returns for 2013.

“Identity thieves can score big money if they wait until tax season to use the information they have stolen the previous year to file fraudulent tax returns,” Heilman said.

The Internal Revenue Service offers guidance to taxpayers whose identity may have been stolen with its online Taxpayer Guide to Identity Theft. According to the guide, a criminal may have filed a fraudulent tax return if a potential victim:

  • Receives a letter from the IRS because more than one tax return was filed in a victim’s name
  • Receives a notice or bill from the IRS for unpaid taxes
  • Notices the IRS lists on documents employers where they didn’t work

People who suspect they may be the victim of identity theft, including the possible use of their Social Security number in connection with tax fraud, may need to file IRS form 14039, the IRS identity theft affidavit.

“Filing this form places a flag on your tax account and minimizes the opportunity for an identity thief to collect your tax return before you can,” Heilman said. “However, be aware that the IRS warns that filing form 14039 may significantly delay a tax return.”

The IRS doesn’t initiate contact with taxpayers by email, text messages or social media, as the agency only uses the U.S. Postal Service.

“Under no circumstances will the IRS request personal information, such as Social Security numbers or birth dates, by email or text,” Heilman said. “If you receive an electronic communication claiming to be from the IRS asking for that information, it’s highly likely the message is fake.”

Likewise, Heilman recommends using a reputable tax service to file tax claims, such as those in good standing with the Better Business Bureau (BBB), and using tax preparers with an IRS-issued Preparer Tax Identification Number. For those filing their taxes online, be sure to use a secure Internet connection.

“Look for the lock icon in the URL address bar or near the bottom of your browser screen,” Heilman said. “Be sure the URL of any page that prompts you for login credentials or to register for a service starts with ‘https’”.

In addition, don’t download W-2 tax statements, which display Social Security numbers, on computers at work.

“Your W-2 contains sensitive personal information and will not be encrypted on your work desktop,” she said.

For more information about taxpayer-related identity fraud, visit the IRS’ website.

UGA is participating in National Data Privacy Month, which continues until Feb. 28.

The Office of Information Security at UGA has more information on identity theft and phishing scams available at infosec.uga.edu. The Office of Information Security is a part of the university’s Enterprise Information Technology Services (EITS). For more information, visit eits.uga.edu

This information was accurate and complete at the time of publication. Changes in circumstances after the time of publication may impact the accuracy of the information.