Just in time for tax time, Google and the U.S. Federal Trade Commission (FTC) have some important hints for online identity safety as tax filers prepare to complete their 2013 tax returns online.
"Once upon a time, Tax Day meant pens and pencils, paper forms, and long waits at the post office," wrote Rob Mahini, a Google policy counsel, in a Jan. 21 post on the Google Public Policy Blog. "Now, the Internet makes tax day much simpler—online software and e-Filing now allows everyone a much smoother Tax Day experience. Unfortunately, the Internet also makes something else easier: tax identity theft that allows scammers to do things like file for fraudulent tax refunds or apply for jobs."
Identity theft has been the top consumer complaint to the FTC for 13 consecutive years, wrote Mahini, and "tax identity theft has been an increasing share of the Commission's identity theft complaints."
Tax ID thefts occur when someone else uses someone's Social Security number to get a tax refund or a job, which then makes life much more complicated for the person whose identity has been stolen.
And the biggest category of all is tax ID theft, which accounts for more than 43 percent of the FTC's ID theft complaints, he wrote. That makes it "the largest category of identity theft complaints by a substantial margin."
To fight this growing problem, the FTC hosted events around the country from Jan. 13 to 17 as part of a Tax Identity Theft Awareness Week, which was held to educate consumers about the risks of tax identity theft and how to avoid becoming a victim, wrote Mahini. A related video was also recently released by the U.S. Internal Revenue Service (IRS) to educate taxpayers on what to do if they are victimized by tax ID theft, the post stated.
Google also provides similar consumer information at the company's Good to Know site, where consumers can learn about the many ways that they can protect all of their data, including their Social Security number, their tax forms and other information that tax identity thieves are seeking from them, wrote Mahini.
Among the tips for consumers on the Good to Know site are reminders to never reply if a suspicious email, instant message or Webpage is received and asks for a user's personal or financial information. "Identity thieves try to use these phishing techniques to steal your information such as your social security number or other tax info," the site explains.
Another red flag is when an incoming message or other communication arrives that appears to come from someone you know, but the message doesn't seem quite right, the site states. "If you see a message from someone you know that doesn't seem like them, their account might have been compromised by a cyber criminal who is trying to con you into providing your SSN or other sensitive information."
Taxpayers and other users are also reminded to never send their own password via email to anyone and to never share your password with other individuals or groups. "Thieves that gain access to your accounts can then steal your tax identity," the site explains. "Legitimate sites won't ask you to send them your passwords via email, so don't respond if you get requests for your passwords to online sites."
Tax filers must maintain their vigilance to protect themselves and their identities during the tax filing season, wrote Mahini. "The ease and convenience of the Internet has helped simplify tax filing. And following these tips will help keep your tax information safe in the process."
Google often reminds online users of the dangers of identity theft by criminals.
In February 2013, Google described some of the many steps the company takes to bolster its Gmail defenses against hackers and spammers, including changes in its response tactics to keep up with changing attack methods. Nowadays, instead of receiving cold-call spam messages from senders (which are routinely stopped by spam filters developed over the years), spammers have turned to hijacking old email accounts of people who users might have communicated with in the past. To hijack the accounts, they steal or illegally buy stolen user names and passwords and then use the accounts to send out their messages. Because recipients might recognize the names of the alleged senders, they might open the messages and their attached payloads, which can be harmful.
Google's specialized anti-spam tools can come into play in those cases today, requiring account holders to answer some simple questions that authenticate them as the real account holders. Using security measures like these, Google said it has been able to cut the number of compromised accounts drastically.
In March 2012, Google implemented another account security feature that lets users receive a monthly "account activity" report containing password-protected insights into their use of Google services. With the reports, users can track their Google account usage and be sure that their accounts are not being used by spammers and hackers.