Identity theft fraud caught by the IRS has skyrocketed since 2008, the Government Accountability Office said in a report released this week.

In 2010, the GAO said the IRS found 245,000 cases of identity fraud--cases in which Social Security numbers of others were used to either falsely try to collect a refund or to get work and avoid taxes. That is up from fewer than 52,000 cases in 2008.

A particularly scary part of the crime is that the victims have no way to protect themselves.

“The incidence of tax-related identity fraud is indeed staggering,” said Paul Stephens, director of policy and advocacy for Privacy Rights Clearinghouse. “The number of reported cases significantly undercounts the actual numbers because there tends to be a significant delay in detecting most cases of tax-related identity fraud.”

He said the government is somewhat hamstrung from doing more to protect the victims.

“Unfortunately, various laws constrain the IRS from taking more aggressive action to curtail this abuse,” Stephens said. “For consumers, tax-related identity theft can be extremely difficult to resolve, despite the fact that IRS has set up a special unit to assist taxpayers with this problem. Other than trying to protect their Social Security numbers from unnecessary disclosure, there is little that consumers can do to protect themselves from this type of identity theft.”

According to the GAO, privacy laws sharply limit information that is shared with victims and even with criminal investigators.

“IRS cannot disclose to the taxpayer any other information pertaining to employment or refund fraud, such as the perpetrator’s identity or any information about the perpetrator’s employer,” the GAO reported. “Additionally, IRS has limited authorities to share identity theft information with other federal agencies.”

Even in criminal investigations, the IRS can share very limited information with federal investigators and less with state and local authorities, the GAO said.

The growth in the number of cases appears due in large part to the IRS building screens in its computer systems to do such things as flag filings using the Social Security numbers of the dead (a recent pilot project). The GAO said in many instances it is the legitimate taxpayer’s filing that triggers the alert to the IRS because it appears as though a duplicate return has been entered into the system. Because of the confusion, the processing of the return of the legitimate taxpayer gets delayed.

Similarly, when a fraud uses someone else’s Social Security number to get a job, it appears as though the victim has unreported income. That actually triggers a notice sent to the victim telling them they failed to report all their income.

The GAO also reported that the IRS has made some progress in trying to get a handle on this kind of fraud. One step has been to help those who are already known victims of identity theft. Those taxpayers are channeled to a special unit set up for victims who might otherwise get trapped in the bureaucracy.

Some known victims-- about 56,00--were also assigned special personal identification numbers to further protect their returns.

At a minimum, people need to not make it easier for thieves to get the Social Security Numbers. Here is a list from the Federal Trade Commission of the main ways Social Security Numbers are stolen:

* From workplaces
* By pay an employee who has access to these records
* Hacking into the records
* Stealing mail with personal financial information
* “Dumpster diving”
* By posing as a landlord, employer or someone else who may have a legal right to access your report
* Stealing your wallet or purse
* Completing a change of address form to divert your mail
* Posing as a legitimate company and coaxing you to reveal the information by phone, a web form or by e-mail