Protecting information & your digital life

Identity theft can throw your life upside down. Protect your privacy and your money with strong passwords along with safe browsing and email habits.

Key takeaways

  • File your tax return as early as possible.
  • Protect your personal information everywhere online and think twice about what you post on social media.
  • Learn to recognize phishing emails and calls. Don't trust calls from individuals claiming to represent the IRS or financial institutions.

Being contacted by the Internal Revenue Service can cause concern for any taxpayer, but imagine receiving a telephone call and hearing this:

"This prerecorded message is to notify you that the IRS has issued an arrest warrant against you. Right now you and your physical property are both being monitored, and it’s very important that I do hear from you as soon as possible before we proceed further in any legal manner."

That's an actual message received by a real taxpayer, but everything else about it is fake. It's a criminal scam aimed at scaring the target into placing a call to someone who might demand an immediate cash payment or attempt to obtain personal information that could be used for identity theft.

With tax-filing season in full swing, intimidating calls of this type try to take advantage of taxpayers' IRS anxiety. Most people are quick to spot the call as a fake—the IRS doesn't threaten taxpayers by telephone, issue arrest warrants, or conduct surveillance.

But the IRS ploy isn't the only scheme in the scam artists' bag of tricks, nor do they occur only at tax time. Other approaches may be more subtle, appearing to come from a company you trust asking you to verify account information. Or the criminals may operate almost entirely behind the scenes, quietly gathering information about you that can be used for a wide range of identity fraud. The common thread in almost all of the schemes is that they rely on the target to provide some information or, at the very least, to be inattentive to security. 

The good news is that you can protect yourself in most cases by being aware of the threat and following best practices for safeguarding your information. Make sure all your contact information is up to date with your financial institutions. Your contact data is critical to account protection, and your financial institutions rely on that information to promptly inform you of any suspicious activity.

5 common scams

1. Tax refund fraud

A criminal files a fraudulent tax return in your name, under your Social Security number, and collects a refund. When you submit your legitimate tax return, it is rejected because the IRS has already processed a return with your Social Security number. In some cases, you may receive a notice prior to filing your return that the IRS has received a suspicious return using your identity.

What to do:

  • File your return early, before a criminal can file a fraudulent return.
  • If your return is rejected, submit Form 14039, Identity Theft Affidavit, to the IRS.
  • If you receive a letter from the IRS that it has received a suspicious return using your identity, contact the IRS.
  • Continue to pay your taxes and file your legitimate tax return, although you may have to submit a paper return rather than an electronic one.

2. Employment or health care fraud

A person uses your identity to obtain a job or sign up for health care through the Health Insurance Marketplace. You may become aware of the scheme after you file your tax return and are notified by the IRS that you appear to have underreported your income and owe additional tax. Or, in the health care version of the scheme, you receive notification that you received a premium subsidy to which you weren't entitled, based on your income, and you have to pay it back.

What to do:

  • If you suspect you are a victim of taxpayer identity theft, immediately contact the IRS and file Form 14039, Identity Theft Affidavit.
  • If you believe someone has signed up for health insurance in your name, call the Health Insurance Marketplace call center at 800-318-2596, and explain the situation.

3. Fake charities

You are solicited by email, phone, or in person to contribute to an organization that sounds like a good cause but is actually a scam. Such schemes may be general in nature, often using a name very similar to a well-known charity, or they may be more targeted, attempting to prey on people who are victims of a natural disaster or known to have a personal interest in a particular disease or social cause. Beyond being scammed out of your contribution, you might also become a victim of identity theft if you provided a credit card number.

What to do:

  • Before contributing, research the charity through the Better Business Bureau's (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
  • If you suspect you have been a victim of charity fraud, file a complaint on IdentifyTheft.gov.

4. Ransomware

You receive a phone call from someone claiming to be a technical support person informing you that there is something wrong with your computer and they can help you fix the problem. Alternately, a message appears on your computer screen informing you that you are locked out of your computer or your files have been encrypted, denying you access. If you act as asked by the caller or the screen message, your computer may be taken hostage or personal information stolen. You are then instructed to pay a fee to have access to your computer or data restored.

What to do:

  • Prevention is the best medicine. Don't click on pop-up ads or attachments from unknown senders, don't respond to scare messages about your computer being infected. Avoid clicking on links in emails. Visit known websites by manually typing the URLs in a browser.
  • Back up your data regularly. That way, you can reboot and regain control of your computer by cleaning your hard drive and reinstalling your operating system.
  • Look into commercial software programs that might be able to restore your files.
  • Ignore suspicious phone calls about your computer and go to your local computer or electronic store if you need help with your computer.

5. Credit card fraud

Someone using your identity signs up for a credit card and racks up large charges. This is different than someone using your existing credit card to make purchases. That's bad enough, but you're likely to notice it when you get your next statement. A crook who obtains a new card could use it extensively before being discovered.

What to do:

  • Report the crime and start a recovery plan on IdentityTheft.gov.
  • Notify law enforcement officials.
  • Put a fraud alert on your credit reports, which notifies lenders and creditors that they should take extra steps to verify your identity before extending credit.

How to protect yourself

1. Don't take the phishing bait

Phishing is a technique used by criminals to trick victims into providing personal information that can be used for identity theft. Most phishing attempts are carried out by email or phone.

  • Ignore deals and freebies that sound too good to be true, unusual foreign contacts, and requests from strangers for help.
  • Ignore phone calls, emails or texts that appear to be from the IRS. The agency will not contact you by phone, email, text message, or social media to request personal or financial information.
  • Be suspicious of requests for secure information, such as your Social Security number, date of birth, financial account number, email, or password.
  • Never click on a link or download from a suspicious email. If the email claims to be from a company you do business with, go to the company’s website and log in to your account from there.
  • Never provide personal security information over the phone to an incoming caller. If you think the call might be a legitimate request from a company you do business with, hang up, and call the company directly.

2. Monitor and secure your accounts

Many companies, including Fidelity, go to great lengths to safeguard customers’ information and provide security tools. But you need to do your part too.

  • Choose passwords that can't be easily guessed, use different passwords for different websites, and change them regularly.
  • Make sure your financial institutions have up-to-date contact information for you. Your contact data is critical to account protection, and your financial institutions rely on that information to promptly inform you of any suspicious activity.
  • Many financial institutions provide an option to sign up for automated alerts of suspicious account activity. Fidelity automatically alerts you by email of certain suspicious activity.
  • Regularly check your credit report. The 3 major agencies—Equifax, Experian, and TransUnion—are required by law to provide you with a free copy of your credit report once every 12 months, which means you can check your report for free 3 times throughout the year.

3. Guard your identity on social media

Criminals can compile a surprising amount of information from social media that can open the door to identity theft. Birthdays, family names, schools, and similar details are often used in security questions to access financial accounts. Even photos can provide hints about your tastes, hobbies, and travels, which a crook can use to design a phishing attempt aimed directly at you.

  • Be careful about what you share.
  • Don't be fooled by a phishing attempt that provides personal details.
  • Be aware that someone you know may use your identity to steal from you. Safeguard your personal information even from them.
  • Security measures aren’t foolproof, and anybody can suffer a moment of inattention or lapse in judgment. Nevertheless, awareness and basic prevention practices can protect you from the vast majority of attempts to steal your identity or money through fraudulent schemes.

Learn more

Clarity begins with a conversation

Contact Fidelity today for 1:1 guidance during life's big decisions. We believe in making the complex, simpler, because we want you to be confident about the decisions you make—next week, next year, and beyond.