It’s tax time and you very diligently submit your tax return to the Internal Revenue Service (IRS). Of course, being the diligent person that you are, you quite properly expect a tax refund from the IRS because you have paid more than your share of taxes on your income. Yet when the mail arrives, you get a nasty shock. There is no refund check in the IRS envelope addressed to you. Instead, there is a short notice letting you know that you have already filed and the refund was paid out to you.

The Problem    
You are a victim of tax fraud. Or at least taxpayer identity fraud. Someone, somehow, has gotten ahold of your Social Security number and other key information about you (full name, address, etc.) and, in anticipation of a big, juicy refund, saved you the trouble of filing a return and collecting that refund by doing it for you. Of course, they get to disappear with your money. Hence the rub—and your justifiable anger.

And disappear they do. This type of fraud is usually only discovered when the victim files his or her tax return and attempts to get the refund they are due. By then, it is too late. The IRS refuses to issue a refund because one has already been sent out keyed to that social-security number. The elderly and those on fixed government payments are often slower to notice the identity theft and take action, which makes it even more difficult for those who need their refunds the most.

Unfortunately, correcting this problem with the IRS is not easy and takes time (anywhere from six to 12 months). And the IRS problem is often not the only one; credit ratings can also be damaged and the victim may even have to block credit reports to prevent further misuse of his or her Social Security number and credit standing. This can prevent such victims from obtaining loans or making major purchases at critical times.

Even after such a “hit and run” attack, people understandably feel vulnerable to future attacks. Victims usually wonder when and where the next theft will happen, causing many sleepless nights and much worry. In fact, anyone with a Social Security number is vulnerable to this crime. Moreover, this type of crime is not usually perpetrated by just one individual, but usually by large criminal enterprises (1). So, once you are in their “system,” you might be there for quite some time to come.

This Is Not a Small Problem
Several years ago, the U.S. Government Accountability Office (GAO) investigated taxpayer identification theft and the extent of the problem. What it found was not encouraging. The GAO could not even come to grips with how large the problem might be or even how to identify the perpetrators (2). More recently, the GAO estimated that such theft had cost the IRS $5.8 billion in 2013 (3).

As if that were not enough, last year, hackers breached an IRS database and stole some 330,000 taxpayer records (3). Both 2014 and 2015 were years witnessing substantial security breaches where customer and employee personal information and data—including Social Security numbers—were stolen (4).

The U.S. Department of Justice itself states, “[i]dentities used in SIRF [Stolen Identity Refund Fraud] crimes may be stolen from anywhere. For example, SIRF criminals have used Social Security Numbers stolen from hospitals, nursing homes, and public death lists, thereby exploiting some of the most vulnerable members of our communities, including the elderly, the infirm, and grieving families....The IRS estimated that during the 2013 filing season alone, over 5 million tax returns were filed using stolen identities, claiming approximately $30 billion in refunds. The IRS was able to stop or recover over $24 billion of that total, or approximately 81% of the fraudulent claims” (5). That would mean, then, that at least $6 billion in refunds was successfully stolen, and probably even more since these were only those fraud cases that came to the IRS’ attention.

So it should come as no surprise to learn that the IRS and the U.S. Justice Department have devoted IRSconsiderable resources toward fighting this problem. On the IRS’s website, there are landing pages devoted to informing taxpayers about what actions they can take if they realize they have had their identities stolen and fraudulently used to poach tax refunds.

What To Do if You Are the Victim
If you are a victim of taxpayer identity theft, take these steps at once:

1. File a complaint with the Federal Trade Commission (FTC). File a complaint with the FTC at identitytheft.gov.

2. Report the fraud to the Treasury Inspector General for Tax Administration. If you know you don’t owe taxes or have no reason to believe that you do, report the incident to TIGTA at (800)366-4484 or www.tigta.gov.

3. Report the fraud to the IRS. Respond immediately to any IRS notices; call the number provided or, if instructed, go to IDVerify.irs.gov. Complete IRS Form 14039 (Identity Theft Affidavit) if your e-filed return is rejected because of a duplicate filing with your Social Security number or if you are instructed to do so. You should use a fillable form found at IRS.gov, print it out and then attach the form to your return and mail according to instructions. Regardless of the fraud, you are still required to continue to pay your taxes and file your tax return, even if you must do so by paper.

4. Contact the credit bureaus. Contact one of the three major credit bureaus to place a fraud alert on your credit records:
• Equifax, www.Equifax.com, (800) 766-0008
• Experian, www.Experian.com, (888) 397-3742
• TransUnion, www.TransUnion.com, (800) 680-7289

5. Contact your Bank. Contact your banks and other financial institutions and close any financial or credit accounts that have been opened without your permission or else have been tampered with by identity thieves.

Avoiding the Problem
Better yet, avoid such fraud through the following:

1. File early. Typically, the perpetrators will file the false returns electronically, early in the tax filing season so that the IRS receives the false return before legitimate taxpayers have time to file their returns. The perpetrators arrange to have the refunds electronically transferred to debit cards or delivered to addresses where they can steal the refund out of the mail.

2. Don’t fall for scam phone calls. If you receive a telephone call from someone claiming to be an IRS employee and demanding money, do not give them any of your personal information unless you are absolutely positive that they are in fact who they say they are. Instead, you should consult the IRS Tax Scams/Consumer Alerts webpage at www.irs.gov/uac/Tax-Scams-Consumer-Alerts.

3. Get a pin code from the IRS. If you have been the victim of fraud or have a reasonable belief that you will be a future victim, then you can apply to the IRS for their assignment to you of an Identity Protection Personal Identification Number (IP PIN). The IP PIN is then used in any tax filing to prove to the IRS that the tax filer is whom he or she says they are.

4. Change your passwords regularly. This advice almost goes without saying, given how reflexive it should be in all of us these days. Still, make your passwords strong and change them regularly. Also, avoid using the same password for all portals. Moreover, make sure your own and your accountant’s computers are protected with up-to-date firewalls and antivirus software.

5. Be stingy giving out your Social Security number. This advice is also a no-brainer and, yet, it is amazing how often people will eagerly provide their Social Security number when just anyone asks for it! I routinely refuse to give out this number when asked for it by doctors, stores and others who demand to know it as if they are entitled to it. They are not and you should learn how to say “no” to these people. If they ask you why, simply tell them the truth: There is far too much identity theft taking place these days and you want to be careful. Above all, do not provide such information over the telephone or Internet, or even put it in e-mails (which are routinely intercepted) (6).

6. Watch your papers. Shred documents that might have sensitive information such as your Social Security number. And definitely do not carry your Social Security card around with you in your wallet or purse.

7. Adjust your tax withholdings. Many taxpayers like to have their tax withholdings kept large, as if the IRS is some sort of savings bank. This approach might be appealing as a forced savings plan, but it does leave those “savers” especially vulnerable to having their nest egg stolen and then large amounts of their money frozen as much time and energy is spent trying to get those stolen “savings” back. Far better for you to keep the withholdings tight to the line of what you anticipate owing in taxes. That way, at least you will be waiting for a much smaller amount to be—hopefully—returned to you.

Our increasingly impersonal and number-driven society makes it much easier for criminals to trick the system and abscond with large hauls of loot, but you can protect yourself through prudent and timely action and by being willing to say “no” to those who really have no business asking you for personal identification numbers. Take precautions; and if those precautions fail you, then take immediate action to staunch the damages. Good luck to us all. WF

References
1. U.S. Department of Justice, “Stolen Identity Refund Fraud,” updated Feb. 24, 2016, www.justice.gov/tax/stolen-identity-refund-fraud, accessed Feb. 29, 2016.
2. Dissent, “GAO: Total Extent of Refund Fraud Using Stolen Identities is Unknown,” Office of Inadequate Security, Nov. 30, 2012, www.databreaches.net/gao-total-extent-of-refund-fraud-using-stolen-identities-is-unknown, accessed Feb. 29, 2016. See also GAO, “Identity Theft” at www.gao.gov/products/GAO-13-132T, accessed Feb. 29, 2016.
3. L. Saunders, “How to Fight Identity Theft at Tax Time,” The Wall Street Journal, Feb. 6–7, 2016, p. B7.
4. S. Kuranda, “The 10 Biggest Data Breaches of 2015 (So Far),” CRN, July 27, 2015, www.crn.com/slide-shows/security/300077563/the-10-biggest-data-breaches-of-2015-so-far.htm, accessed Feb. 29, 2016.
5. U.S. Department of Justice, “Stolen Identity Refund Fraud,” updated Feb. 24, 2016, www.justice.gov/tax/stolen-identity-refund-fraud, accessed Feb. 29, 2016.
6. Internal Revenue Service, “Taxpayer Guide to Identity Theft,” updated Feb. 3, 2016, www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft, accessed Feb. 29, 2016.Legal Tips

A graduate of the University of California at Berkeley Law School, Scott C. Tips currently practices internationally, emphasizing Food-and-Drug law, business law and business litigation, trade practice, and international corporate formation and management. He has been involved in the nutrition field for more than three decades and may be reached at (415) 244-1813 or by e-mail at scott@rivieramail.com.

Published in WholeFoods Magazine April 2016