It's tax time. Less than two months to get your return into Uncle Sam. And if you planned well throughout 2017, he might owe you some money.
But beware — danger is lurking.
Massive data breaches in recent years involving well-known companies like Yahoo, Equifax, and e-Bay have put Social Security numbers, birthdates, addresses, and even computer passwords in the wrong hands.
“It is significantly on the increase. The losses are huge," said Jim Hegarty, Better Business Bureau president. “Hundreds of millions of records exposed that contain sensitive information. So for the most part we can pretty much assume all of our information is out there in the ether somewhere."
Now, scammers are going after people's tax returns by submitting stolen information with your name on it.
”So the returns are sent to addresses in the United States so that it doesn't create a lot of suspicion,” Hegarty said. ”Those checks are then moved off-shore to the scammers and organized crime groups often in the Ukraine and Nigeria all sorts of difficult to reach places."
They also target tax preparers, such as H&R Block, by sending a phishing e-mail to preparers, urging them to click on the link that appears to be from the IRS, and update their filing information. But it's a scam.
”Just like every business, they are vulnerable to these hacks,” Hegarty said. “Clearly they are targets because of the sensitive information in their files.”
In fact, the bad guys are also using a method the FBI in Omaha first alerted us to last year known as “business email compromise.”
Agent Kristi Johnson showed us how it’s done: The criminals send an e-mail that looks like an official internal document to a company's finance director, urging him or her to click on the link, and noting that “tax information is needed” — like W2s — for certain employees.
“This shows the perpetrator — the hacker, if you will,” she said. “Then what they do is send out the phishing email with the link — the bad link — once that link is clicked on, they are inside the company's computer system."
Here are the three specific ways to avoid becoming a victim:
- Do your return as quickly as possible. The longer you wait, the more opportunity for somebody to use your information to swipe your return.
- Use a reputable licensed tax preparer, not a pop-up temporary operation. A tax pro can be your best advocate in making sure everything is above board and official.
- Be on the lookout for bogus e-mails or phone calls. The IRS is never going to call you or email; instead, they will notify you with a letter in the mail.
”It’s a nonstop onslaught, and all of us need to be better prepared,” Hegarty said.