The Federal Bureau of Investigation’s website is a valuable resource. It has a lot of information about many different types of identity theft that we at ProtectMyID want to share with our readers. Once a month, we highlight a news announcement, article, alert, or other item from the FBI website about identity theft so you can learn more about how this crime is perpetrated.

Six Charged in Scheme to Use Identities of Deceased People to Get Tax Refunds

WASHINGTON—A 10-count indictment was unsealed, charging six people with various offenses related to a scheme to defraud the Internal Revenue Service (IRS) of at least $1.7 million in fraudulently obtained tax returns, often filed in the names of recently deceased taxpayers.

According to the indictment, between April 15, 2009 until at least August 2011, Muaad Salem, Fahim Sulieman, Hanan Widdi, Najeh Widdi, Hazem Woodi, and Daxesj Patel, and other unknown co-conspirators allegedly defrauded the United States by filing false and fraudulent tax returns, many in the names of recently deceased taxpayers, and directing refunds to controlled locations in the state of Florida.

The indictment further alleges that the U.S. Treasury checks generated by the false and fraudulent returns were then sent by to co-conspirators in Ohio who would sell and distribute the checks for negotiation at various businesses and banking institutions.

“The theft of anyone’s identity is a serious offense, but stealing the identities of the recently departed to defraud other taxpayers is particularly egregious,” said Steven M. Dettelbach, the U.S. Attorney for the Northern District of Ohio.

“Identity theft that leads to tax fraud threatens both individual U.S. citizens and the U.S. government,” said John A. DiCicco, Principal Deputy Assistant Attorney General of the Justice Department’s Tax Division. “The Justice Department and the IRS will continue to cooperate in investigating and prosecuting these crimes to the fullest extent of the law. In our technology-driven society, this simply must be a top priority.”

The six are also charged with three counts of mail fraud and two counts of aggravated identity theft. In addition to the other charges, Patel is separately charged with two counts of making a false claim against the United States and with making a false statement to law enforcement officials investigating the crimes.

“The IRS is aggressively pursuing those who steal others’ identities to file false returns,” said Steven Miller, IRS Deputy Commissioner for Services and Enforcement. “Our cooperative work with the U.S. Attorney’s Office will help protect taxpayers in Northern Ohio from being victimized by identity theft. The IRS is taking additional steps this tax season to further prevent, detect and resolve identity theft cases as soon as possible.”

“This case is an example of the FBI and IRS working together to aggressively pursue and investigate those organized criminal enterprises that commit identity theft and fraudulent activities in the United States costing the taxpayers of this country millions of dollars,” said Stephen D. Anthony, Special Agent in Charge of the FBI’s Cleveland office.

“IRS Criminal Investigation has made investigating refund fraud and identity theft a top priority,” stated Darryl Williams, Special Agent in Charge, IRS-Criminal Investigation, Cincinnati Field Office. “Filing fraudulent tax returns in the names of other individuals may result in significant harm to those individuals whose identities were stolen, as well as a monetary loss against the U.S. Treasury.”

Mail fraud is punishable by a maximum sentence of 20 years in prison; conspiracy to defraud the United States is punishable by a maximum sentence of 10 years; conspiracy to commit mail fraud, making a false claim against the United States and making a false statement are each punishable by a maximum sentence of five years in prison; aggravated identity theft is punishable by a mandatory sentence of two years’ incarceration to follow conviction on any other offense.

Defendants also face a fine of up to $250,000 for each count of conviction.

The case was presented to the grand jury by Assistant U.S. Attorney Gary D. Arbeznik following investigation by the Cleveland Division of the FBI, the IRS-Criminal Investigation, and the U.S. Postal Service.

An indictment is only a charge and is not evidence of guilt. The defendants are entitled to a fair trial in which it will be the government’s burden to prove guilt beyond a reasonable doubt.

The Federal Bureau of Investigation’s website is a valuable resource. It has a lot of information about many different types of identity theft that we at ProtectMyID want to share with our readers. Once a month, we’ll highlight a news announcement, article, alert, or other item from the FBI website about identity theft so you can learn more about how this crime is perpetrated.

Two Charged in Identity Theft Scheme

Kenneth C. Osbourne, Jr. and Sheldon Hylton were charged by indictment, filed on August 25, 2011, with conspiracy to commit bank fraud and aggravated identity theft, and aiding and abetting, announced United States Attorney David Memeger. Hylton is also charged with wire fraud and possession, with intent to use unlawfully, of five or more false identification documents.

The charges stem from the defendants’ participation in an identity theft scheme that resulted in the personal identity information of approximately 86 individuals being compromised. According to the indictment, defendant Osbourne used his position as a customer service representative at AmeriHealth Administrators, Inc. to access customers’ personal identity information, including names, dates of birth, Social Security numbers, and bank account numbers, and passed this information along to defendant Hylton. Hylton, in turn, obtained counterfeit checks that were printed using the victims’ names, addresses, and bank account numbers.

The indictment alleges that, between October 2009 and January 2010, defendant Hylton and other co-conspirators deposited approximately 48 counterfeit checks totaling approximately $289,846.82 into bank accounts, and subsequently withdrew approximately $189,300 cash from these accounts. According to the indictment, defendant Hylton also used the personal identity information of five victims to access online adult pornography websites. Hylton also was charged with possession of 15 counterfeit Pennsylvania driver’s licenses.

If convicted, defendant Osbourne faces a maximum possible sentence of 57 years’ imprisonment, including a mandatory term of imprisonment of two years, a $4 million fine, a five-year term of supervised release, and a $1,300 special assessment. Defendant Hylton faces a maximum possible sentence of 82 years’ imprisonment, including a mandatory term of imprisonment of two years, a $4.5 million fine, a five-year term of supervised release, and a $1,500 special assessment

The case was investigated by the Federal Bureau of Investigation and United States Secret Service and is being prosecuted by Assistant United States Attorney Karen M. Klotz.

An indictment or information is an accusation. A defendant is presumed innocent unless and until proven guilty.

The purpose of this blog series is to educate people about the ways that identities are stolen.

Keep in mind, these stories are true (although I have omitted specific details for our members’ protection) and are described by our Identity Theft Resolution Agents. As you read these stories, think about ways that you can protect yourself from identity theft

Fraud Case:
Customer tricked into providing sensitive information as part of an apartment search.

Fraud Story:
Stephanie*, a ProtectMyID member, was recently alerted to attempts to open credit cards in her name after she provided her Social Security number to a website that appeared to be a legitimate property management company. It all started with an apartment search. Stephanie saw an ad, clicked on a link from a company she didn’t know (something we advise against) and proceeded to fill out an online application for an apartment that seemed too good to be true. The application included a request for Social Security number, birthdate, current address and contact information – a veritable gold mine for an enterprising identity thief.

How the ProtectMyID.com Identity Theft Resolution Agent Helped the Victim

The agent helped Stephanie by doing the following to resolve her situation:

i. Placed a 90 day security alert on Stephanie’s credit reports

ii. Called all creditors where applications were filled out and new accounts opened

iii. Closed fraudulent accounts

To learn more about how you can protect yourself from identity theft visit ProtectMyID.

*Names have been changed

The purpose of this blog series is to educate people about the ways that identities are stolen.

Keep in mind, these stories are true (although I have omitted specific details for our members’ protection) and are described by our Identity Theft Resolution Agents. As you read these stories, think about ways that you can protect yourself from identity theft.

Fraud Case:
New credit card opened in my name across the country      

Fraud Story:
Colin*, a ProtectMyID member was recently alerted to attempts to open credit cards in three different states and none of them included his home state. He wasn’t surprised. Years ago, when Colin was in his late teens he lost his wallet which contained, among other things, his Social Security card. He estimates, and law enforcement agrees, that every so often, Colin’s SSN is re-sold and a new bunch of fraud attempts occurs. Luckily, Colin has ProtectMyID and immediately called a dedicated fraud resolution agent to help him get through this situation.  

How the ProtectMyID.com Identity Theft Resolution Agent Helped the Victim

The agent helped by doing the following to resolve Colin’s situation:

i.          Placed a 90 day security alert on Colin’s credit reports

ii.          Called all creditors to see if applications were filled out and if new accounts were opened

iii.         Requested fraud packets from creditors to help Colin document the incident

iv.        Ensured that the fraudulent accounts were closed

v.         Worked with Colin to help him prepare dispute letters to the credit reporting agencies

To learn more about how you can protect yourself from identity theft visit ProtectMyID.

*Names have been changed

This fact sheet offers recommendations on how to make your experience with mobile applications safe and enjoyable.  The following subjects will be addressed:

Risks associated with mobile applications
Protecting yourself from the risks of mobile applications
Signs that your Smartphone may have been compromised
Steps to take if you become a victim

There is so much you can do on a mobile phone these days!  Many tasks you would do on a computer can now be done while on the go with a Smartphone.  However, with all of that accessibility comes a price.  That price may be diminished safety and privacy.  Mobile Applications help users do everything from order a pizza to deposit checks.  The dark side of this convenience is the risk users may have when the security of the mobile applications are taken for granted.

Risks associated with mobile applications

There are many risks associated with the usage of mobile applications.  Some of the more prominent ones are:

• Malware:  Malware is software that is intended to do a malicious act.  It could damage or disable computers and computer systems, but is often used nowadays to retrieve information from an infected system.  A Smartphone is much like a mini-computer so it makes sense that the risk of malware to computers is present on Smartphones as well.  Malware can take many forms including Trojans, viruses, worms and others.  This software may install things such as key logging software, spyware, botnets and other nasty things.  These programs are often used to obtain personal information which can then be used for the financial gain of the criminals who have installed them, sometimes with a significant cost to the person affected.
• Metadata:  Metadata is data that describes a data file.  For instance, when a digital picture is taken with a digital camera or Smartphone, there is the information contained in the picture file that recreates the image for others to view.  However, in the same image file there is also information about that image, such as where the picture was taken (GPS location), when it was taken and information on the device which took it.  Criminals can use this information to track consumers.
• Application (App) Scams:  There seems to be an application that will do just about any task these days.  However, some of these apps are developed by criminals who are hoping users will download and install the application, which will then allow them access to the Smartphone’s system, as well as possible user information, such as a credit card number or social security number, or account numbers and passwords stored on the Smartphone.
• Insecure Applications (Apps):  Recent studies show that even legitimate applications can allow sensitive information to be exposed to criminals looking for such information.  

Protecting yourself from the risks of mobile applications

While it may seem like a scary world out there for those who want the convenience of mobile apps, there are ways to protect yourself.  Knowing that you have taken preventative measures should ease a bit of the concern.  Some things you can do to protect yourself from the risks of mobile apps are:

• Install an anti-virus software program that protects against spyware and malware as well.  Make sure this software is reputable and is kept current through frequent updates.
• Enroll in a backup program which also provides the capability for your phone to be wiped.  This will help protect the information on your phone should it become infected by malware.
• Research apps to determine if they are safe before downloading them.  Look at who developed the app.  For most large companies the company should be the developer themselves.  If the app is new, or not well known, do a quick Google search to see if there are any reviews of the app.  A Google search for “app name – problems” may be rewarding.
• Review what information you are allowing the application access to when you accept the terms and permissions.  Make sure that the amount of information you are allowing the app to have access to is only the information it will need to perform its intended function.  If it requires access to lots of personal information, you will have to weigh the need for the app versus the exposure of that information to others. 
• Turn geolocation and GPS off when it is not immediately needed.  This can easily be done through the privacy settings on your Smartphone.  Droids usually have an icon to turn on or off the GPS function.  This will keep your location from being broadcasted unintentionally through picture uploads, tweets, etc.
• Do not root or jailbreak your phone.  This makes it much more susceptible to malware.  More information on jailbreaking and rooting can be found here.

Signs that your Smartphone may have been compromised

One of the problems when a device is infected with malware (or has otherwise been compromised) is it will be difficult for the user to tell.  Unless an anti-virus has been installed and alerts users to the presence of malware, there is no notification that a Smartphone has been compromised.  However, there are a few indications that may mean that malware is present:

• Decreased Performance:  Just as your PC will slow down when infected with malware a Smartphone will do the same. Problems with slow operation and decreased functionability can mean that malware is present on a phone’s operation system.
• Random action:  If it seems as though your phone has a mind of its own it may mean it is being controlled by an outsider.  If applications open on their own, the phone powers on or off by itself or items are downloaded without permission it may mean that software allowing outside access has been installed.
• Unknown emails or phone calls:  If a Smartphone’s call log shows calls that you never made or emails that have been sent to addresses you don’t recognize, this could be a sign of a Smartphone being infected and compromised.

Steps to take if you become a victim

Protection is key to remaining safe from malware on Smartphone’s.

• If you have an anti-virus installed on the phone, the detection and removal of any malware should be simple and the anti-virus software will perform the task for you.
• If you are unable to remove the malware then a backup program with wiping capability will be incredibly helpful.  All information should be wiped from the phone and the backup information can be downloaded to a new phone.
• If you believe that sensitive personal information has been compromised, then you should take appropriate action to protect yourself from identity theft.  Please refer to ITRC Fact sheet 100 for information on how to do this.

Risks of Mobile Applications provided by the Identity Theft Resource Center

This guide to smartphone privacy and security covers: 

How much does your phone know about you?
What is mobile malware?
Securing your Smartphone
Application permissions
Location Services (GPS) and WiFi 

How much does your phone know about you? 

Ever thought of how well you know the functions of your phone? Now, ever thought of how much your phone knows about you? The increasing use of smartphones for daily activities, such as emailing, banking, web browsing, shopping, bill tracking, social networking, file storage, and entertainment gives your mobile device the ability to know everything about you. Your Smartphone’s knowledge, if not protected, is a potential risk to your security and privacy. The ultimate question to ask: Is my privacy and security at risk? 

What is mobile malware? 

Mobile malware is a program especially created to wreak havoc on your phone. Once installed on your device, it may disrupt the phone’s system, in order to gather information stored in the device. It may also gain access to the device’s operating system, and take over the phone. 

Mobile malware may present itself through fake mobile applications, web-browsing, and SMS/Text messages. 

• App-based malware attacks: may target a user’s financial information. This might include bank account numbers, passwords, and PINs. The access of such information may result in the loss of money and/or account take-over.
• Web-based Smartphone attacks: may result by clicking on an unsafe link. This may potentially give rise to “Phishing” scams or downloading infected files.
• SMS/Text message-based attacks: can also be used to spread malware through unsolicited SMS/texts that request the user to reply or click on a link. Unknown to the user, malware may be installed to the device, leading to unauthorized access to the device’s information.

Securing your Smartphone 

• Passcode: A passcode is a simple step to take to protect your smartphone if it is stolen with all of your personal information. This simple step may be the difference between success and regret if your Smartphone is lost or stolen.
• Antivirus software: Consider using mobile security antivirus software. There are Smartphone apps designed to monitor and protect your device against malware and spyware.
• Software updates: Updating your Smartphone’s operating software is another step towards a secured device. Software updates are designed to fix problems in the device’s operating program, which may include fixing security vulnerabilities or other bugs that may diminish your Smartphone’s performance. Therefore, stay up-to-date on any software updates and make sure to install the latest version. After all, we are concerned with performance and usability – something a software update can improve.

Note: Do not allow your device to remember passwords. If your device is lost or stolen, the information is now compromised. 

Application permissions

Ever wonder if the apps that you download put you at risk? If not, you probably should. Many apps are designed to capture a wide range of information. Did you know that apps can:

• Read phone state and identity
• Track your location
• Read owner data
• Read contact data
• Record audio – your calls
• Take pictures
• Modify or delete SD card content
• Edit SMS/text or MMS messages
• Write sync settings
• Send SMS messages
• Write contact data
• Access the internet

The best security practices when downloading apps are exercising caution and reviewing the app’s ratings, regardless of whether the app is free or paid.

You should carefully examine and pay attention to the permissions the app is requesting to access:

• Android Market apps require the user to either grant or deny access – if you deny access you will not be able to download and install the app.
• BlackBerry devices allow the user to go back to application permissions to modify or remove the ‘Trusted Application’ status. The status gives the application permission to access sensitive functionality on the device, which includes phone, GPS, and Internet – once given trusted permission, the application will not prompt the user for permission again before accessing the phone’s data.
• iPhone apps will not disclose what the application has permission to access. When downloading an app whether free or paid, Apple requires the recognition of consent by having the user sign in using their Apple account.

Because apps have access to a lot of your personal information and data on your Smartphone, exercise a great level of caution when downloading apps and familiarize yourself with what the app really needs in order to run. If you feel it requires more than it really should, reconsider installing it.

Only download applications you trust. Android users are allowed to download apps from third-parties, whereas, iPhone users are only allowed to download apps from the Apple Store; unless, of course the iPhone has been “jail-broken.” Jail-broken iPhones can download applications from the “Cydia App Store” (apps that have not been approved by Apple).

Location Services (GPS) and WiFi 

• Many applications request permission to access location. Consider turning off the location services (GPS) on your phone to protect your location privacy, unless it is necessary to perform a desired function. Keep in mind that you have the ability to enable and disable the location services on your phone.
• Have you ever taken photographs with your Smartphone and posted them online?  What’s the worst that can happen? As careful as you may be, if your GPS is enabled, your personal information may be exposed through a process called “geotagging.”    
  • According to Wikipedia, “Geotagging is the process of adding geographical identification ‘metadata’ to various media such as photographs, video, websites, SMS messages, or RSS feeds and is a form of geospatial metadata.”
  • This information most often includes latitude and longitude coordinates which are derives from a global positioning system (GPS).
  • While it sounds complicated, it really isn’t. It simply means the marking of a video, photo, or other media with an embedded location of where it was taken.
  • Smartphones featuring GPS have made this “tagging” possible.
  • “Geotagging” has been considered an infringement on public privacy and problems can arise if the information is given out unknowingly and/ or pulled by the wrong people. So, the photograph you took in front of your computer, at your doorstep, etc. has been recorded and may have possibly given your location
• To protect yourself, you can:
  • Turn the geotagging feature off. Learn how to do it at www.icanstalku.com
  • Download disabling software (it will search for geotagging information and delete it before sending)
  • Be aware and educate yourself. Understand the information you are sharing
  • Consider what you post on the Internet. You never know who has access to it
• Protect your privacy and security by exercising caution while doing financial transactions or checking banking information while connected to public wireless networks (WiFi). Credit card and personal information transmitted through public WiFi may be up for grabs by identity thieves.
• If you are a Smartphone user, it is highly recommended to use your Provider’s 3G Network to conduct any financial business. After all, you are paying for the service.

Smartphone Privacy and Security provided by the Identity Theft Resource Center

Continued from Identity Theft by Tax Fraud, part I

Unfortunately, the IRS is able to criminally investigate only a small percentage of tax-related identity theft cases due to its limited resources. In 2010, its Criminal Investigations Division investigated only 4,700 cases of all kinds, not just identity thefts.

Paul Waldram, Certified Public Accountant, is a partner of a prominent accounting firm in the Northwest. Paul told me that the IRS has taken several steps to slow down the increase in fraudulent tax returns. For example, if a tax preparer prepares a large number of returns, the returns must be filed electronically and the taxpayer must sign an authorization for e-filing. One way for unethical tax preparers to keep their clients’ money is to divert the refunds by having them sent directly to the preparer.

“The IRS now asks the taxpayer to make their tax payment payable to the Department of the Treasury instead of the IRS,” Paul said of another simple step to help stop identity thieves. “Criminals intercepting checks were known to change ‘IRS’ to ‘MRS.’ and fill in their own last names in order to cash the checks themselves.”

Keep in mind that you are your own best defense against these crimes. What can you do to help protect yourself against tax-related identity theft?

●     Don’t provide your Social Security Number to anyone without first finding out if it’s absolutely necessary. Ask how it’s going to be used. Often you’ll discover that it’s not essential information and can be omitted. 

●     Beware of any phishing attempts to get your Social Security Number. Be especially careful if you receive an unsolicited e-mail, fax or phone call from the IRS. The IRS has a robust presence on the Internet and reminds the public that it does not initiate contact or ask for sensitive financial and personal information via e-mail. Don’t be lured into an identity thief’s trap if someone asks you to confirm any of your personal information; they may have gotten bits and pieces of your data from your trash, from public records or online.

●     Look into Experian’s ProtectMyID, a product that can alert you if your Social Security, debit and/or credit card numbers are exposed online.

●     Choose your tax preparer wisely. You wouldn’t hand over your precious personal identification to just anyone, so don’t deliver the keys to your kingdom by neglecting your due diligence. Check the preparer’s qualifications as well as his or her history. Verify licensure status through the appropriate state boards and ask if any disciplinary actions have been taken against the preparer. Make sure he or she has a Preparer Tax Identification Number (PTIN), which the IRS requires effective 2011.

●     Never sign a blank return.

●     File your returns early to limit the window of opportunity for criminals to divert your refund.

●     Mind your mail. Use a locked mailbox. Take any mail destined for the IRS, which contains information which should remain private, to the post office.

●     If you receive a notice from the IRS that you’ve filed more than one tax return or that you received wages from an employer unknown to you, immediately contact the name, address or phone number printed on the IRS notice.

Satirists have long joked that America is the land of opportunity—everybody can become a taxpayer. Identity thieves are taking this opportunity literally by assuming taxpayers’ identities for their own financial gain. Don’t let the criminals have the last laugh.

By Chuck Whitlock, Author and Investigative Reporter

If Benjamin Franklin were alive today, he might revise his often-repeated quote to reflect a current threat: “…in this world nothing can be said to be certain, except death, taxes and identity theft.”

Tax-related identity theft is a growing criminal enterprise, skyrocketing a whopping 480% from 2008 to 2010. According to a 2011 report by the Government Accountability Office (GAO), almost 250,000 incidents were identified by the Internal Revenue Service (IRS) in 2010.

Innocent taxpayers are primarily victimized by one of two types of tax-related identity theft:

•  employment fraud, which occurs when an identity thief hijacks a victim’s name and Social Security Number to secure employment; and
• refund fraud, in which an identity thief files a fraudulent tax return using someone else’s name and Social Security Number in order to get a refund from the IRS.

Both types of fraud revolve around the two most important pieces of your personal DNA, your name and Social Security number.

Employment Fraud

Who hasn’t experienced a churning stomach when opening a notice from the IRS? Imagine getting an IRS notification that you underreported your income last year because of a job that you never had. The IRS reconciles a taxpayer’s reported income with what’s been reported by the taxpayer’s employers, even those duped by identity thieves. The resulting administrative mess must be untangled by the IRS, which has to determine the real income of the legitimate taxpayer.

Perpetrators of this kind of identity theft understand that it’s a fraud that generally takes a long time to detect and unwind. By the time the IRS detects the problem, it could be well over a year since it began, given the April 15th filing date of returns for the prior twelve months.

Refund Fraud

Using modern tools of convenience, like the IRS’s e-file tax filing system, criminals can get a jump on legitimate taxpayers by filing early in the tax season and diverting tax refunds, often before their victims send in their returns. The scheme is uncovered only after the real taxpayer files his or her tax return. Then the IRS must determine who’s authentic and who’s not.

This is exactly what happened to one Ohio woman when she filed her 2010 tax return. The IRS notified her that a refund had already been distributed to someone filing with her Social Security Number. As with many fraudulent filings, the scammer had rerouted the refund by making it look like the victim had moved. Because the criminal using the woman’s identification had her Social Security Number, the filing didn’t raise any eyebrows at the IRS, which sent the refund check to the new address. A close inspection of the form would have revealed that certain details didn’t exactly add up: The woman would have had to be a toddler when she gave birth to her fictitious child.

The fact that many Americans move each year and still enjoy the convenience of filing electronically is one of the reasons that screening for falsified filings is so difficult. Though the IRS checks to ensure that Social Security Numbers match names, any additional screening would likely result in delays in distributing returns to legitimate filers, according to the GAO. However, the IRS does screen filings for names and Social Security Numbers that have been used in past scams.

In September 2011, an Orlando, Florida, man who had worked for the US Postal Service admitted to getting caught up in a tax-related identity theft scheme. Along with his accomplice, who also pleaded guilty to bribery of a public official, the former postal worker pleaded guilty to conspiracy to commit theft or receipt of stolen mail.

One of the essential elements in an IRS refund scam is a location where the IRS can send a check, but it must be one that’s not easily traced to the criminals perpetrating the crime. That’s where the former postal employee came in. He provided the scammers with addresses on his mail route, which were then used on the fraudulent tax returns. When the US Treasury checks arrived, it was the bribed mail carrier’s job to intercept them. For each intercepted check, he made between $200 and $300. To illustrate just how profitable a scheme it had become, when authorities caught up with the postal carrier on March 7, 2011, he had 68 checks worth over a half million dollars addressed to residents of just one Orlando apartment complex.

An added wrinkle to the scam was that the tax returns were filed with the Social Security Numbers of Puerto Ricans, who are only required to file federal income tax returns on money made from non-Puerto Rican sources. Unlike identity thieves who perpetrate more traditional tax-return fraud which is often discovered when victims file their taxes, the identity thieves who employed the postal employee used the personal data of victims who were less likely to file taxes and, therefore, less likely to discover the scam. The scheme perfectly illustrates the growing challenges of preventing and detecting identity-theft tax return fraud.

By Chuck Whitlock, Identity Theft  Author and Investigative Reporter

An old adage warns, “Trust no one.” Sadly, when it comes to protecting your identity, these words should become your mantra. While faceless scammers on the Internet or other strangers are often the main suspects in identity thefts, the biggest threat to your identity may be posed by someone who is close to you, even someone you love.

Familial identity theft—when a member of your family steals your personal information for financial gain— and so-called “friendly fraud” by anyone close to you whom you trust are on the rise. In 2010, friendly fraud went up 7 percent. In fact, out of all reported identity theft cases, one in seven was committed by someone close to the victim, according to a recent survey. Financial losses in these kinds of cases are usually greater than when the victim doesn’t know the identity thief. The amount stolen is, on average, twice that stolen by a stranger, and it costs the victim over four times as much to try to repair the damage done by someone they know.

It’s easy for family members or friends to steal your identity because they possess one of the best keys to gaining your personal information: your trust. With easy access and because they know your habits, the criminals often act with impunity for long periods of time. Thieves are mainly focusing on victims ages 25 – 34; according to Javelin Strategy and Research, last year over 40% of these victims had their Social Security numbers (SSN) stolen.

Children are becoming popular victims of identity theft. A child’s SSN can be found in school records and at doctors’ offices. Essentially, a criminal may attach any name or birth date to a child’s SSN. Because the thieves gain a clean credit history, a child’s identity is particularly attractive to family members or family friends who are suffering from economic distress. The crime will often not be discovered for many years. According to Identity Theft Investigator Barbara Glass of the Portland (Oregon) Police Bureau, “The statute of limitations in many jurisdictions is only three to five years. By the time the crime is reported, law enforcement is oftentimes helpless to do anything about it.” In the meantime, the child’s credit is in tatters.

Marilyn Pruett (not her real name) can report firsthand the gamut of emotions she experienced when she discovered that someone had stolen her identity. When the nineteen-year-old Oregon woman was denied for a college loan, the company told her that it was because of her poor credit history. Marilyn wondered, What credit history? I’m only nineteen years old! As Marilyn delved further, she began unraveling a trail of lies that had been 12 years in the making. Using Marilyn’s name and Social Security number, over the years her mother had racked up bills for a multitude of purchases, including a home and a car. She had also filed fraudulent income tax returns in Marilyn’s name. The betrayal was enormous.

The young woman was tortured about whether or not to report the identity theft to the police, but she didn’t want to be held personally liable for all the unpaid bills her mother had accumulated. Neither did she want to be brought up on charges of tax fraud. After much thought, Marilyn decided to contact the police. In Marilyn’s case, the statute of limitations had not run its course, and her mom is standing trial as of this writing. Officer Glass confirms that “many victims like Marilyn don’t report the crime” because of close family ties and feelings of guilt.

How should you react if you find yourself a victim of identity theft perpetrated by a loved one or friend? Each situation is personal and complex, adding to the difficulty of knowing what to do once the deception is discovered. You might feel pressure to let the perpetrator off the hook because of the nature of your relationship, but beware: This can have serious repercussions in the future. If you take responsibility for the debt that’s been incurred and find yourself unable to pay for your loved one’s indiscretion, creditors could come after you. In some cases, the problem may be worked out between the creditor and your family member or friend. If you haven’t filed a police report, creditors will turn to you for their money if the thief doesn’t follow through.

Remember that the person used you and your good name for financial gain. The best solution in most cases is to proceed as if the perpetrator is a stranger, beginning with a police report of the crime.

You are probably saying to yourself, My family would never betray me like that! I hope you’re right. To help ensure that you don’t find yourself in the position of having to report a family member or friend to the police:

• Don’t leave personal financial information where others can find it. Secure your SSN, credit card accounts, banking information and other financial data, and frequently monitor all account activity and statements. A monitoring service such as ProtectMyID.com can help detect identity theft in its early stages.
• Control access to your children’s personal information, especially their SSNs, by routinely questioning all requests for such data. Once you release that precious information, you can’t get it back.
• Check your credit reports for fraudulent or suspicious activity at least once a year and seriously consider placing a freeze on your credit report.
• Be sensitive to the personal situations of close family and friends. In these difficult economic times, individuals who may not otherwise be tempted to turn to economic crimes may find themselves in desperate situations.

As Investigator Glass puts it, “Identity theft is the gift that keeps on giving. Once you think it’s behind you, another surprise pops up.”

To help consumers “DEFEND” themselves against cyberthieves, Experian’s ProtectMyID and Identity Theft Expert Chuck Whitlock offer the following tips:   

• Defy curiosity. Never open an attachment or click on a link unless it’s something you’ve specifically requested from someone you know. Just because an email is from a friend or a coworker doesn’t make it free of malware. Click the “x” on all pop-up ads to avoid infection, and never download free software unless it’s from a trusted site.
• Educate yourself about technology. Become tech-savvy: Know what security software you need to keep your computer — and yourself — safe online. Don’t let down your guard by letting your protection lapse. Always keep your antivirus and spyware protection updated.
• Fix your passwords. Using the same password for more than one account or a password that’s easy to guess opens the door to identity thieves. Change passwords regularly, never disclose them to others and vary them among different accounts.
• Embrace your paranoia. Yes, there are people out there who are out to get you. Don’t forget it.
• Negate putting personal information online. You wouldn’t provide your personal identifiers to just anyone on the street who asks for them, so don’t do it online. Become as proactive in protecting your personal, private information online as you are in other areas of your life. Don’t even think of doing anything of a personal nature on a public computer. Remember that posting personal data on social networking sites makes you a target for identity thieves.
• Deploy safety precautions. Online fraudsters are constantly changing their tactics, making it hard to stay abreast of every new scheme. Frequently monitor your accounts and financial statements, and check your credit reports at least once a year. Consider using ProtectMyID.com, an identity theft protection program that can provide additional peace of mind.

To find out more information about ProtectMyID or ways to protect yourself from identity theft, visitwww.protectmyid.com