- Protect your personal information everywhere online and secure your mobile phone accounts with your phone provider.
- Learn to recognize phishing emails and calls. Don't trust calls from individuals claiming to represent technical support, the IRS, or your financial institutions.
- File your tax return as early as possible.
Being contacted by the Internal Revenue Service can cause concern for any taxpayer, but imagine receiving a telephone call and hearing this:
"This prerecorded message is to notify you that the IRS has found fraud and misconduct on your tax return. This needs to be resolved immediately, and it's very important that I hear from you as soon as possible or a legal action will be taken against you."
That's an actual message received by a real taxpayer, and reported to the IRS—but everything about the call is fake. It's a criminal scam, aimed at scaring victims into placing a call to the scammer who might demand an immediate cash payment, or attempt to obtain personal information that could be used for identity theft.
With tax-filing season in full swing, intimidating calls of this type try to take advantage of taxpayers' IRS anxiety. Most people are quick to spot the call as a fake since the IRS doesn't threaten taxpayers by telephone, emails, or text messages, or issue arrest warrants.
But the IRS ploy isn't the only scheme in the scam artists' bag of tricks, nor do they occur only at tax time. Other approaches may be more subtle, appearing to come from a company you trust and asking you to verify account information. Or the criminals may operate almost entirely behind the scenes, quietly gathering information about you that can be used for a wide range of identity fraud. The common thread in almost all of the schemes is that they rely on the victim to provide sensitive information or, at the very least, to be inattentive to the security of their personal information.
5 common scams
Tax refund fraud
A criminal, having illegally obtained your Social Security number, files a fraudulent tax return in your name and collects a refund. When you submit your legitimate tax return, it is rejected because the IRS has already processed a return with your Social Security number. In some cases, you may receive a notice prior to filing your return that the IRS has received a suspicious return using your identity.
What to do:
- File your return early, reducing the likelihood that a criminal would have previously filed a fraudulent return.
- If your return is rejected because of a duplicate filing under your Social Security number, submit Form 14039, Identity Theft Affidavit, to the IRS.
- Remember, the IRS will contact you through the US Postal Service, not a phone call. If you receive a letter from the IRS that it has received a suspicious return using your identity, contact the IRS. Visit IRS.gov for contact information.
- Do not return a call from someone claiming to be with the IRS.
Continue to pay your taxes and file your legitimate tax return, although you may have to submit a paper return rather than an electronic one. Attach Form 14039, Identity Theft Affidavit, when filing your return.
Employment or health care fraud
A person uses your identity to obtain a job or receive health care services. You may become aware of the scheme after you file your tax return, and are notified by the IRS that you appear to have underreported your income and owe additional tax. Or, in the health care version of the scheme, you receive notification that you are required to pay for medical exams, procedures, and prescription drugs that you never received.
What to do:
- If you suspect you are a victim of taxpayer identity theft, immediately contact the IRS and file Form 14039, Identity Theft Affidavit.
- Never surrender Social Security, Medicare or health insurance numbers to anyone you don't know and trust.
- If you believe someone has signed up for health insurance in your name, call the Health Insurance Marketplace call center at 800-318-2596, and explain the situation.
Tech support scam
You receive a phone call from someone claiming to be a technical support person, informing you that there is something wrong with your computer and the caller can help you fix the problem. Alternately, a message appears on your computer screen informing you that your computer is infected with viruses, or that you are locked out of your computer and your files have been encrypted, denying you access. If you follow the instructions of the caller or the screen message, your computer may be taken hostage and your personal information stolen. You are then asked to pay a fee to restore access to your computer or data.
What to do:
- Prevention is the best medicine. Don't click pop-up ads or attachments from unknown senders. Avoid clicking links in emails. Visit known websites by manually typing the URLs in a browser.
- Do not allow anyone to control your computer remotely and don’t give passwords and security codes to anyone on the phone.
- Hang up if you receive tech support call, and don't respond to scare messages about your computer being infected. If you need help with your computer, go to your local computer or electronics store.
- Back up your data regularly. That way, you can reboot and regain control of your computer by cleaning your hard drive and reinstalling your operating system.
Credit card fraud
Someone using your identity signs up for a credit card and racks up large charges. A crook who obtains a new card could use it extensively before being discovered. Sometimes, a stolen identity is used to obtain personal loans or open unauthorized financial accounts. You will likely learn about this when bills are not paid and collection agencies start calling for payments.
You may notice either you are not getting any postal mail or you start receiving confirmation or decline letters for credit cards or loans that you did not initiate.
What to do:
- Report the crime and start a recovery plan on IdentityTheft.gov.
- Notify law enforcement officials.
- Consider freezing your credit files if you do not have any plans to take new credit cards or loans. Beginning September 21, 2018, you can freeze and unfreeze your credit file for free. Read more about it on the Federal Trade Commission website.
- Put a fraud alert on your credit reports, which notifies lenders and creditors that they should take extra steps to verify your identity before extending credit. Contact one of the 3 credit bureaus to report the crime (Equifax at 800-525-6285, Experian at 888-397-3742 or TransUnion at 800-680-7289). For a fee, these credit bureaus can also help with freezing your credit files, to prevent unauthorized activity.
You are solicited by email, phone, or in person to contribute to an organization that sounds like a good cause but is actually a scam. Such schemes may be general in nature, often using a name very similar to a well-known charity, or they may be more targeted, attempting to prey on people who are victims of a natural disaster or known to have a personal interest in a particular disease or social cause. These days, charity scams are also being circulated through social media posts such as Facebook, Twitter, WhatsApp and LinkedIn.
What to do:
- Before contributing, research the charity through the Better Business Bureau's (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
- If you suspect you have been a victim of charity fraud, file a complaint on IdentityTheft.gov.
How to protect yourself
The good news is that you can protect yourself in most cases, by being aware of the threat and following certain practices for safeguarding your information.
1. Don't take the phishing bait
Phishing is a technique used by criminals to trick victims into providing personal information that can be used for identity theft. Most phishing attempts are carried out by email, text messages, or phone.
- Ignore deals, freebies, and awards that sound too good to be true. Disregard offers that appear to come from unusual foreign contacts, as well as requests from strangers for help.
- Ignore phone calls, emails, or texts that appear to be from the IRS. The agency will not contact you by phone, email, text message, or social media to request personal or financial information.
- Be suspicious of anyone requesting your Social Security number, date of birth, financial account number, PIN, email, or passwords—especially if there is a request to verify your information when you were not expecting it.
- Never click a link or download an attachment inside an unexpected email. If the email claims to be from a company you do business with, don't log in from a link in the email message—go to the company's website and log in to your account from there.
- Never provide personal information over the phone to an unsolicited caller. If you think the call might be a legitimate request from a company you do business with, hang up, and call the company directly.
2. Protect your phone service
Your phone has become an important part of security protocol and is the "master key" to accessing online accounts and information.
Criminals and scam artists are actively using stolen identity information to port your mobile phone number, or forward your phone calls and text messages. They do this by calling phone service providers such as AT&T, Verizon, Sprint, T-Mobile, Xfinity, etc. If you use Voice over IP (VoIP) phones such as from Xfinity, Verizon FIOS, Google Voice, etc., then your voice phone portal accounts are also at risk.
Cyber criminals do this to steal your 2-factor authentication codes and text messages to get into your financial institution accounts.
- Learn signs that your phone may be hacked. If you notice your mobile phone showing "no service" or "emergency calls only," or you stop receiving phone calls and text messages even after you restart your phone, contact your mobile company to see if your account has been compromised.
- Ask your telecom provider about ways to better secure your account, especially verifying your identity with a PIN or 2-factor authentication to make changes, route phone calls, forward phone messages, or port your phone number.
- Secure your online phone and internet service provider account where you pay bills and manage settings. Use a separate and strong password for such accounts and enable 2-factor authentication on these accounts.
3. Monitor and secure your accounts
Many companies, including Fidelity, go to great lengths to safeguard customers' information and provide security tools. For instance, Fidelity offers 2-factor authentication, designed to prevent someone from accessing your account, even if they have your password.
Here are a few actions you can take to reinforce those safeguards.
- Choose passwords that can't be guessed easily. Use different passwords for different websites, and change them regularly.
- Sign up for 2-factor authentication at your financial institutions and email service providers to protect all your online accounts.
- Make sure your financial institutions have up-to-date contact information for you, especially your mobile number. Your financial institutions use this information to protect your accounts and to contact you when suspicious activity is detected.
- Sign up for automated alerts of suspicious account activity wherever offered. Fidelity automatically alerts you by email and text messages of certain suspicious activity. Do not ignore these text alerts whenever received.
- Check your credit report regularly. The 3 major agencies—Equifax, Experian, and TransUnion—are required by law to provide you with a free copy of your credit report once every 12 months, which means you can check your report for free 3 times throughout the year.
4. Secure your mobile devices and personal computers
Any device you use that is connected to the internet can become a mechanism of attack by cyber-criminals. Hackers can get in through newly discovered security holes in these devices and systems.
- Apply updates and patches as soon as the system maker releases them.
- Don’t download mobile apps and games that you do not trust. Some mobile apps have been found to contain hidden malicious software. Use your best judgment before using a brand new app from an unknown company and read reviews before downloading.
- Run antivirus software on your computers, and ensure that your mobile devices have the most recent security updates and patches.
Keep good habits
Security measures aren't foolproof, and anybody can suffer a moment of inattention or lapse in judgment. Nevertheless, awareness and basic prevention practices can protect you from the vast majority of attempts to steal your identity or money through fraudulent schemes.
Next steps to consider
Safeguard important financial, legal, and personal documents.
Take action to enhance security on your Fidelity accounts.
Get market and economic insights, investing ideas, and other tips on personal finance.