No one enjoys tax time, right? Not even the Internal Revenue Service or paid tax preparers. Actually, identity thieves do love tax season. Personal identifying and financial information is flying around and the stress of the season can cause some people to drop their guard – and open the door to opportunity for identity thieves.

As you’re gearing up for tax season, it’s important to keep identity protection in mind throughout the process. Take these steps to ensure your information stays safe this tax season:

Choose your tax preparer with care

From the Yellow Pages to your local discount store, tax preparers are everywhere at this time of year. It’s important to know who you’re doing business with; not only can a poorly prepared return cause problems with the IRS, a dishonest preparer can take advantage of your personal information. Warning signs a tax preparer may not be above board include:

• Asking you to sign a blank return. Always review a completed return before you sign it.
• A record of complaints with the Better Business Bureau or other consumer organization.
• Charges a percentage of your tax return as his or her fee, or refuses to quote you an exact fee up-front before preparing your return.
• Disappears after tax day. Look for a preparer with an established reputation and an actual office where you’ll still be able to find him on April 16.

Protect Your Valuable Documents

Many of the documents involved in tax preparation – from W-2s to interest statements – contain sensitive information. It’s important to take steps to protect these forms.

Throughout the month of January, don’t let mail linger in the mailbox, as tax forms will be arriving. Invest in a locking mailbox – a good identity theft protection measure at any time of year. Gather all your documents and secure them; never leave envelopes or documents in an unsecure place, like your car, desk at work or dining room table at home. And when it’s time to mail your return, don’t leave it sitting in your mailbox for the postman to pick up. Take it directly to the local post office branch and mail it from there.

Be Alert to Scams

Tax scams abound at this time of year. You may receive an email or phone call from someone claiming to represent the IRS or other federal agency. Keep in mind that when it comes to your taxes, only one federal agency is ever involved and that’s the IRS.

On its website, the IRS plainly states that it contacts taxpayers via U.S. Post – and never by email, text messages or phone calls. If you receive this type of communication from someone claiming to be with the IRS it is almost certainly a scam. Report the incident to the IRS by forwarding the suspicious communication to phishing@irs.gov.

Identity Theft Protection Infographic – Courtesy of Shoeboxed.

]]> http://blog.protectmyid.com/2013/03/12/easy-tips-to-protect-yourself-from-identity-theft/feed/ 0 http://blog.protectmyid.com/2013/02/26/guest-video-what-to-do-if-you-think-you-are-a-victim-of-identity-theft/ http://blog.protectmyid.com/2013/02/26/guest-video-what-to-do-if-you-think-you-are-a-victim-of-identity-theft/#comments Tue, 26 Feb 2013 19:04:21 +0000 Rachel http://blog.protectmyid.com/?p=5572

Online dating is mainstream these days, with many people making love connections through Internet dating sites. While most of the people on dating websites are genuinely looking for love, it’s a sad reality that some users have more sinister goals in mind. For enterprising identity thieves and scam artists, online dating websites can be a treasure trove of opportunity.

Unfortunately, it’s easy to get swept up in the excitement of a prospective romance; nearly half of online daters don’t verify the authenticity of a potential match before communicating with a new person, according to a 2010 survey by Impulse Research, conducted on behalf of ProtectMyID.

Just as you take steps to protect your heart in the early stages of getting to know someone, it’s important to protect your identity when meeting people online. Before you find yourself “looking for love in all the wrong places,” follow these guidelines to minimize your risk of falling prey to scammers:

• Never include your full name, birthday or hometown in an online profile. While potential matches will want to know your age as a barometer of potential compatibility, you can always ballpark it. Most sites allow love-seekers to search based on an acceptable age range.
• Less is more in the beginning. Until you know more about a potential match, don’t give away too much identifying information. For example, it’s OK to say you have kids and their approximate ages, but hold back on specifics such as their names, actual ages and where they go to school. It’s fine to say you have a bachelor’s degree in accounting, but it’s not necessary to reveal where you attended college.
• Investigate before you date. Even honest love-seekers aren’t always truthful on their profiles; several studies have found that people routinely fib about height and weight on their dating profiles. Imagine the whoppers an identity thief must tell. Check out prospective matches on social media sites like Facebook or LinkedIn, or Google the person to see what information exists.
• Keep it local. While some people may successfully fall in love long-distance, it’s also easier for scammers to pull their tricks when they’re not local. Be sure to look for matches of people nearby, and when you do meet, have your first date in a public place.
• Don’t ignore your gut – or your head. You know perfectly well there is no reason why someone you’re dating would need your Social Security number, driver’s license number or the name and location of your bank. Be especially suspicious of anyone who asks for a loan, even if it’s supposedly for bus fare to visit you. If someone’s behavior seems suspicious or intrusive, bow out gracefully and turn your attention elsewhere. To paraphrase your mother, there are simply too many fish in the sea to risk your security for one potential catch that smells a little too fishy.

Consumers have reported receiving automated calls asking for their Social Security numbers and other personal information in order to opt out of marketing mailing lists.

Under the Fair Credit Reporting Act (FCRA), Consumer Reporting Agencies (CRAs) are permitted to include your name on lists used by creditors or insurers to make firm offers of credit or insurance that are not initiated by you (“Firm Offers”). The FCRA also provides you the right to “Opt-Out”, which prevents CRAs from providing your credit file information for Firm Offers.

The national credit reporting agencies (CRAs) host a joint service to allow consumers to exercise their right to opt out by calling a toll free number (888-5OPT-OUT / 888-567-8688) or online at www.optoutprescreen.com.

The National Opt Out service does not make any outbound phone calls, so calls offering marketing opt out are not authentic.

Reports indicate that the caller ID number that displays on these calls is 302-268-6660. This number is in no way associated with the National Opt Out program hosted by the CRAs.

We recommend that you hang up if you receive a call of this nature.

If you would like to be opted-out or find out more information about the National Opt-Out program, please visit:  www.optoutprescreen.com or call the  National Opt-Out program automated line at 888-5OPT-OUT (888-567-8688).

If you have already provided your Social Security number and other sensitive information on a call that you did not initiate or at 302-268-6660, we recommend that you add an initial fraud security alert to your credit report as a precaution.  To add the alert, please visit Experian’s Fraud Center at www.experian.com/fraud or call 888-397-3742. We will share your alert request with the other national credit reporting agencies.

There’s more to worry about this Valentine’s Day than the possibility of a lonely or broken heart. It’s also important to safeguard against con artists looking to steal identities and money from people seeking to make a love connection.

There are a variety of ways thieves try to capitalize on a person’s trusting nature, including preying on lonely hearts. The Federal Bureau of Investigation and online identity theft advocacy organizations are warning those who use online dating sites to watch out for “sweetheart scammers” who swindle money or bank account information from online daters.

A “sweetheart scammer” usually begins with a fake profile designed to match a certain type of person: employed, affluent and trusting. The profile is designed to seem perfect in every way, even down to the same likes and dislikes as the target. Once the target reciprocates and trust has been established, the scam usually escalates to the thief’s unveiling of a problem involving money. Typical scenarios include the request for funds to be able to travel to meet the target or to help the thief’s sick relative.

“Individuals trying to establish a relationship through online dating services and social communities are prime targets for identity thieves who know how to prey upon the vulnerabilities of those seeking relationships,” said Ken Chaplin, senior vice president for Experian’s ProtectMyID. “Taking the time and effort to safeguard personal information and to look for warning signs can make all the difference in protecting yourself.”

Results from a past survey commissioned by ProtectMyID determined that a high percentage of individuals participating in online dating fail to properly scrutinize potential matches prior to engaging in communication. Furthermore, many compound this issue by divulging too much personal information at a very early stage. From birth dates and addresses to phone numbers and even bank account details, the flow of information is alarmingly high in the online dating world.

ProtectMyID reminds people that they can take precautionary steps and spot a scam before romance fades into financial and identity fraud:

• Profiles should tease, not disclose everything. Don’t disclose personally identifiable information with a prospective dating match until there is an established level of familiarity and trust. This also includes your hometown, home addresses, work specifics, phone numbers, educational background and information about children via profiles and through photo identification.
• Keep the details close to the heart. Avoid posting personally identifiable information on your online dating profiles, including but not limited to hometown, home addresses, work specifics, phone numbers, educational background and information about children via profiles and through photo identification.
• Cupid isn’t always right. Don’t assume that a prospective dating match always will be truthful. Ask a person to tell you about himself or herself; you then can conduct a little background work on websites and see if conflicting information exists. Also, be wary of any requests for financial loans or assistance of any kind.
• Create the perfect password. For online dating profiles, do not use passwords that incorporate publicly known information.

Even though Valentine’s season is the time to be on high alert for possible sweetheart scams, it’s important to realize this is a year-round issue. The Identity Theft Resource Center confirms that they receive calls from people who have been swindled by sweetheart scammers throughout the year.

“With Valentine’s Day around the corner, we are reminded that this holiday isn’t always chocolate and roses for everyone,” said Eva Casey Velasquez, president of the Identity Theft Resource Center. “While sweetheart scammers definitely operate all year long, they are particularly noticeable at a time when everyone wants to celebrate romance. These scams are a double whammy for the victim because they are affected both fiscally and emotionally. It’s important to remember to always make financial decisions with your head and not your heart.”

By Nikki Junker, Identity Theft Resource Center

We’re just beginning a new year, and that means it’s time for the annual Trends and Predictions piece from us here at the ITRC. It’s no surprise that our predictions for 2013 are laden with technology-related issues. Technology is more present in our daily lives than ever before. So too, are the technology-related opportunities for thieves and scammers. Here are the top three new problems we think we will see in 2013:

• Mobile Payments: Our wallets are already transitioning from our back pockets into our smartphones and the trend shows no sign of slowing down. Though this could be incredibly convenient, it will open up opportunities for scammers and thieves. Whether or not the Near Field Communication systems within our devices are safe, there are multiple other places that the system can leak information. Unlike a wallet, a smartphone stores a huge amount of personal data that could relatively easily be exploited in the event the phone is lost or stolen.
• Social Networking: Whether or not you’re participating, social networking is exploding. The revolution has come a long way from its humble roots. From social multiplayer video games which require our credit card numbers, to dating sites that broadcast your exact location, social networking has become far more than just a pastime for college students attempting to sit through lecture hall. It has evolved into a relative sociological necessity. As we move ever closer to constant connectivity (in some cases we’re already there), the realm in which we can have a reasonable expectation of privacy is shrinking at an exponential rate. We must learn the information each of these new social networks may potentially compromise and understand how the privacy settings function.
• Macintosh Malware: Gone are the days when someone could point to the apple on their laptop and proudly state that they had no concern for malware. As Apple products have become a growing part of the electronic market, cybercriminals have taken aim at the brand. They have developed malware specific to Apple Products and have taken advantage of the fact that everyone believes their Apple product is immune. In 2013, we suspect these attacks will continue to grow and soon the Apple App Store will be as seedy as that of its competitors.

We live in very exciting times and it seems as though nothing is impossible when it comes to technological development. However, as technology creates ease in our daily lives it also leaves us vulnerable to identity theft as control of our information goes from our hands to our machines.

With flu season in full swing, hopefully you’ve already gotten your flu shot. Vaccinations are an important way to protect ourselves and our families from a host of preventable diseases – some merely inconvenient, like chicken pox, and others more serious, such as measles.

Have you “vaccinated” your identity against medical identity theft risks?

Medical identity theft – the theft of personal information like your name, Social Security or Medicare numbers, to obtain medical care, buy drugs or submit false Medicare claims – is on the rise. A study by the Ponemon Institute, commissioned by ProtectMyID, indicates that 2 million Americans are victims of medical identity theft each year. This type of identity theft costs victims an average of $22,346, and takes a year or more to resolve, according to the survey.

Medical identity theft can damage your credit rating and finances, and even compromise your health care by causing incorrect information to appear in your personal medical records. It’s vital to take steps to minimize your risk of this type of identity theft.

• Always verify who you’re talking to before you share medical information with anyone. Never share personally identifying information over the phone unless you initiated the call to a verified service provider. Medical identity thieves often try to scam people over the phone by posing as representatives of hospitals, doctor’s offices, pharmacies, insurance companies and even government agencies.
• Keep paper copies of medical or insurance records and forms in a secure, locked file or drawer. Use a crosscut shredder to destroy records and bills you no longer need.
• Before you throw a prescription pill bottle in the trash, remove and destroy the label.
• Guard your Medicare and Social Security numbers and cards. Be vigilant about who you allow to have these numbers, and ask service providers who will have access to those numbers and how the provider will protect your information.
• Check your medical records for accuracy on a regular basis, and monitor all your financial statements. Pay close attention to explanation of benefits (EOB) forms from your insurance company and make sure the services your insurer is being billed for match up to services and dates when you actually saw your doctor.
• Review your credit report regularly for signs of trouble. Once a year is not enough; it’s important to catch medical identity theft and other types of fraud as quickly as possible. The longer fraud goes undetected, the harder it can be to resolve.

Something about the first few months of the year infuses us with an enthusiasm for change, which may be why New Year’s resolutions are so popular. This year, why not channel that positive energy into change that can make a real difference in your security? Start the year by changing all your passwords.

It’s not enough, however, to just change your passwords every now and then. Your passwords should be “strong” – that is, difficult for a smart thief to guess.

Security experts generally agree that strong passwords should have at least eight characters, including upper and lower case letters, numbers and special characters (like #, @ or &). They shouldn’t be something obvious, such as any part of your real name or your user name. And, to maximize your security, you should never use the same password for multiple accounts.

Using multiple passwords can present a problem, however. How do you remember all those passwords? One way is to use variations of a handful of easy-to-remember passwords.

The security pros at Microsoft offer some great tips for creating strong passwords that you can easily remember. One hint is to use a password that’s an acronym for an easy-to-remember sentence. Using their tip, you could take the sentence “My favorite holiday is July 4” and turn it into the password “MyFHiz7/4.” Such a password would meet strong criteria because it includes capital and lower case letters, numbers and a symbol.

Other options is to take a well-known phrase, such as “It’s just the tip of the iceberg,” and turn it into an acronym: Itzjttoti. Don’t forget to mix it up with numbers and symbols: Itzj2ttoti!

Not sure your passwords are strong enough? Plug them into a password strength-checker. You can find plenty of these online for free, and they’ll evaluate how well your password meets the standard criteria. They can’t, however, tell you if your password is an easily guessable one, such as your child’s birthday or your mother’s maiden name.

Finally, if you just can’t remember all those passwords – and the average person has anywhere from five to 10 unique passwords to remember, according to a 2012 Harris Interactive Study – you can try password manager software. These programs help you store and organize your passwords and some can even communicate with all your Web-enabled devices. As a last resort, you can keep a written list of passwords – just don’t label them with identifying information – and keep the list in a secure lock box or drawer.

Managing passwords would appear to be a universally aggravating exercise: 38 percent of those who responded to the Harris poll said they sometimes think it would be easier to solve world peace than attempt to remember all their passwords. Still, the beginning of a new year is as good a time as any to tackle tough tasks, so pull up your online accounts and start creating!

Losing weight, eating better, exercising more, learning a new skill or finishing a degree – have you ever noticed that most New Year’s resolutions focus on self-improvement? Of course, self-improvement is a good thing, but there’s another resolution you should add to your list this year, one that emphasizes self-preservation.

Think about starting 2013 with an unshakable resolve to improve your identity protection measures. Here are five must-make safety resolutions that you may find easier to keep than your pledge to give up chocolate or work out for an hour every day:

1. Improve your passwords – You know you should update passwords regularly, but it can be difficult to remember to do, and even harder to remember new passwords. Resolve to update account passwords once a quarter. Never use a common password for all your accounts. If you have trouble remembering passwords, consider investing in secure password management software.
2. Update security questions – If you forget a password – and don’t have a password manager to help you out – most websites will give you the option of receiving your password via email after you answer a series of security questions. Of course, your mother’s maiden name is a common security question – so avoid using it. An enterprising identity thief may find it easier to guess your mother’s maiden name than, say, the name of your first-grade best friend. Whenever possible, opt for difficult-to-guess security questions, and change them whenever you change a password.
3. Get serious about security software – Most computers purchased today come with some security software on them, but often people allow product trial periods to expire – leaving their computers unprotected. Make sure you have up-to-date virus protection, anti-malware and anti-spyware software on your computer. Start the year by checking to make sure your computer’s software is current and set it to update and run automatically every day.
4. Boost your backup efforts – Backing up data is essential. You can do it manually, using external drives, but an online backup facility can make the process easy – and automated. Look for a system that you can use not only for your PC but for all your Web-enabled devices.
5. Streamline your social networking – In this age of social media, it’s not uncommon for people to have hundreds of online “friends” on any given social site. Keep in mind that on many social media sites, accepting a connection request gives that individual access to all the information in your profile. Keep profile information minimal and general, and never accept a friend request from someone you don’t actually know.