Tax Time is Primetime for Identity Thieves

Picture this: It’s two days before April 18 and your accountant calls to say she is missing the 1099 form from your bank. You rifle through your files and darn, there it is. You forgot to include it along with the other paperwork you gave her.  No problem, you simply scan it and e-mail it to her…or so you think.

Tax season is primetime for identity theft, and e-mailing personal documents and e-filing could mean putting your personal information at risk.

That e-mail that you thought just went to your accountant could have also gone to six other unsavory individuals who have nothing but bad intentions when it comes to your personal information.

How did this happen? Perhaps you didn’t install security software on your computer, or deleted it because you thought it was slowing your machine down. Or maybe you just missed an update.

Then again, the weak link could be the software your accountant uses--or doesn’t use.

What to Do if Your Personal Information Has Been Breached 

“In the big push for e-filing, folks haven’t thought enough about the confidentiality of this,” says Pepperdine University Law Professor Paul Caron, who edits the blog TaxProf. Caron says at this time of year, “so many people freely e-mail some of the most personal information imaginable.”

The problem isn’t necessarily between you and the IRS.  If you file your own return, the information is encrypted as long as you use one of the “freefile” or “e-file” firms listed on the IRS Web site.

If you purchase software elsewhere, either in store or online, it too encrypts your information when you e-mail your return according to the directions.  However, Caron cautions that if you purchase tax filing software online, make sure you go to the provider’s Web site directly and not by clicking on links embedded in e-mails. Links not originating on a vendor’s Web site could simply be phishing scams--offers that look legitimate, but are aimed at capturing sensitive personal data.

The security breach at online marketing firm Epsilon earlier this month is a timely reminder of the lengths cyber thieves will go just to obtain your e-mail address. Epsilon annually sends out more than 40 billion e-mails for its 2,500 corporate clients, including JPMorgan Chase (NYSE:JPM), Walgreens (NYSE:WAG), Marriott (NYSE:MAR), Citigroup (NYSE:C), Hyatt (NYSE:H), CapitalOne (NYSE:COF) and Best Buy (NYSE:BBY). So far, it has refused to divulge how many consumer accounts were breached and stresses that “only” e-mail addresses were hacked

However, clever identity theft groups can take just an e-mail address to glean more personal information by sending authentic-looking e-mails--complete with corporate logo--that lead you to a bogus Web site. Thinking you have arrived at the genuine Web site of your bank or other company with whom you do business, you may drop your guard when asked to for your password, Social Security number, account numbers, home address, and other confidential information. The next thing you know, your bank account has been drained.

According to Jennifer Leuer, general manager of ProtectMYID, a division of Experian(1), it’s simple to check whether your computer’s security software is up to date. Windows users should click on “all programs” and then the software name, “the dashboard will run a scan on your computer and download any updates,” she explains. There may be a cost for this, but it’s minimal when you consider the risks involved.

Be sure your tax preparer takes the same precautions. If you use a large, established firm, you’re probably fine, they can’t afford to risk the liability involved. Caron’s more worried about “Joe Smith, CPA in Small Town, USA;” the one or two-person office down the street--when is the last time their software was updated?

Leuer stresses the importance of not even opening e-mails from unknown senders; they could contain “Trojan” software that downloads a keystroke logger onto your computer. Trojan horses record everything you type, including checking account numbers, passwords, employee IDs, etc...Leuer suggests getting monitoring software if your information has been exposed, it will screen your accounts and credit files and notify you if it detects suspicious activity.

If you’re really feeling paranoid, Caron’s advises to completely avoid transmitting any sensitive information via the Internet. The most secure route, he says, is the old-fashioned one: hand deliver your tax information to your preparer and send your tax return to the IRS via certified mail. Don’t let your return out of your sight until it goes into a U.S. Postal Service box, and above all, don’t stick it in your home mailbox and put up the red “I’ve-got-out-going-mail flag.” “That’s just asking for trouble,” he says.

If you’ve made up your mind that e-mail is the way to go, after you send any information to your accountant or the IRS, Leuer recommends going back and deleting any cookies stored on your Web browser.

A big mistake is letting your guard down after your file your tax return. ProtectMYID recommends that along with deleting cookies on your Web browser, you shred any documents you don’t need and lock away those you do. Anyone coming into your home- the housekeeper, plumber, painter, and, yes, even a relative (sadly, there are documented cases)- might be tempted to steal or copy your confidential information.  And if your home is broken into, your personal information might be the main thing a thief is after.

According to a ProtectyMYID survey, 89% of people who use a tax professional or tax service to prepare their returns are not concerned about them losing or misplacing information, but they should be. Ask your preparer what happens to your documents and other data once your return is filed: Is it returned to you? Shredded? Or simply thrown in the trash?

We all hate to think about become a victim of identity theft, yet most of us know at least one person who has experienced the trauma, the hassle and the expense it can wreak.

As Leuer puts it, “identity theft protection is part of good financial management.”

1. One of the three major credit monitoring firms.

Ms. Buckner is a Retirement and Financial Planning Specialist at Franklin Templeton Investments. The views expressed in this article are only those of Ms. Buckner or the individual commentator identified therein, and are not necessarily the views of Franklin Templeton Investments, which has not reviewed, and is not responsible for, the content. 

If you have a question for Gail Buckner and the Your $ Matters column, send them to:, along with your name and phone number.