- File your tax return as early as possible.
- Protect your personal information everywhere online and think twice about what you post on social media.
- Learn to recognize phishing emails and calls. Don't trust calls from individuals claiming to represent the IRS or financial institutions.
Being contacted by the Internal Revenue Service can cause concern for any taxpayer, but imagine receiving a telephone call and hearing this:
"This prerecorded message is to notify you that the IRS has issued an arrest warrant against you. Right now you and your physical property are both being monitored, and it's very important that I do hear from you as soon as possible before we proceed further in any legal manner."
That's an actual message received by a real taxpayer, and reported to the Better Business Bureau—but everything about it is fake. It's a criminal scam, aimed at scaring the target into placing a call to the scammer who might demand an immediate cash payment, or attempt to obtain personal information that could be used for identity theft.
With tax-filing season in full swing, intimidating calls of this type try to take advantage of taxpayers' IRS anxiety. Most people are quick to spot the call as a fake—the IRS doesn't threaten taxpayers by telephone, issue arrest warrants, or conduct surveillance.
But the IRS ploy isn't the only scheme in the scam artists' bag of tricks, nor do they occur only at tax time. Other approaches may be more subtle, appearing to come from a company you trust and asking you to verify account information. Or the criminals may operate almost entirely behind the scenes, quietly gathering information about you that can be used for a wide range of identity fraud. The common thread in almost all of the schemes is that they rely on the target to provide some information or, at the very least, to be inattentive to the security of their personal information.
5 common scams
Tax refund fraud
A criminal, having illegally obtained your Social Security number, files a fraudulent tax return in your name and collects a refund. When you submit your legitimate tax return, it is rejected because the IRS has already processed a return with your Social Security number. In some cases, you may receive a notice prior to filing your return that the IRS has received a suspicious return using your identity.
What to do:
- File your return early, reducing the likelihood that a criminal would have previously filed a fraudulent return.
- If your return is rejected because of a duplicate filing under your Social Security number, submit Form 14039, Identity Theft Affidavit, to the IRS.
- Remember, the IRS will contact you through the mail, not a phone call. If you receive a letter from the IRS that it has received a suspicious return using your identity, contact the IRS. Visit IRS.gov for contact information.
Continue to pay your taxes and file your legitimate tax return, although you may have to submit a paper return rather than an electronic one. Attach Form 14039 when filing your return.
Employment or health care fraud
A person uses your identity to obtain a job or sign up for health care through the Health Insurance Marketplace. You may become aware of the scheme after you file your tax return, and are notified by the IRS that you appear to have underreported your income and owe additional tax. Or, in the health care version of the scheme, you receive notification that you received a premium subsidy to which you weren't entitled, based on your income, and you have to pay it back.
What to do:
- If you suspect you are a victim of taxpayer identity theft, immediately contact the IRS and file Form 14039, Identity Theft Affidavit.
- If you believe someone has signed up for health insurance in your name, call the Health Insurance Marketplace call center at 800-318-2596, and explain the situation.
You are solicited by email, phone, or in person to contribute to an organization that sounds like a good cause but is actually a scam. Such schemes may be general in nature, often using a name very similar to a well-known charity, or they may be more targeted, attempting to prey on people who are victims of a natural disaster or known to have a personal interest in a particular disease or social cause. These days, charity scams are also being circulated through social media posts such as Facebook, Twitter, WhatsApp and LinkedIn.
What to do:
- Before contributing, research the charity through the Better Business Bureau's (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
- If you suspect you have been a victim of charity fraud, file a complaint on IdentityTheft.gov.
You receive a phone call from someone claiming to be a technical support person, informing you that there is something wrong with your computer and the caller can help you fix the problem. Alternately, a message appears on your computer screen informing you that you are locked out of your computer or your files have been encrypted, denying you access. If you follow the instructions of the caller or the screen message, your computer may be taken hostage or your personal information stolen. You are then told to pay a fee to restore access to your computer or data.
What to do:
- Prevention is the best medicine. Don't click pop-up ads or attachments from unknown senders, and don't respond to scare messages about your computer being infected. Avoid clicking links in emails. Visit known websites by manually typing the URLs in a browser.
- Back up your data regularly. That way, you can reboot and regain control of your computer by cleaning your hard drive and reinstalling your operating system.
- Look into commercial software programs such as anti-virus software, that might be able to protect you from computer infections and malware. Ignore suspicious phone calls about your computer. If you need help with your computer, go to your local computer or electronics store.
Credit card fraud
Someone using your identity signs up for a credit card and racks up large charges. A crook who obtains a new card could use it extensively before being discovered. Sometimes, a stolen identity is used to obtain personal loans or open unauthorized financial accounts. You will likely learn about this when bills are not paid and collection agencies start calling for payments.
What to do:
- Report the crime and start a recovery plan on IdentityTheft.gov.
- Notify law enforcement officials.
- Put a fraud alert on your credit reports, which notifies lenders and creditors that they should take extra steps to verify your identity before extending credit. Contact one of the 3 credit bureaus to report the crime (Equifax at 800-525-6285, Experian at 888-397-3742 or TransUnion at 800-680-7289). For a fee, these credit bureaus can also help with freezing your credit files, to prevent unauthorized activity.
How to protect yourself
The good news is that you can protect yourself in most cases, by being aware of the threat and following best practices for safeguarding your information. Make sure all your contact information at your financial institutions is up to date. Your contact data is critical to account protection, and your financial institutions rely on that information to promptly inform you of any suspicious activity.
Don't take the phishing bait
Phishing is a technique used by criminals to trick victims into providing personal information that can be used for identity theft. Most phishing attempts are carried out by email or phone.
- Ignore deals, freebies, and awards that sound too good to be true. Disregard offers that appear to come from unusual foreign contacts, as well as requests from strangers for help.
- Ignore phone calls, emails, or texts that appear to be from the IRS. The agency will not contact you by phone, email, text message, or social media to request personal or financial information.
- Be suspicious of requests for secure information, such as your Social Security number, date of birth, financial account number, email, or passwords.
- Never click a link or download an attachment from a suspicious email. If the email claims to be from a company you do business with, don't log in from a link in the email message—go to the company's website and log in to your account from there.
- Never provide personal security information over the phone to an incoming caller. If you think the call might be a legitimate request from a company you do business with, hang up, and call the company directly.
Monitor and secure your accounts
Many companies, including Fidelity, go to great lengths to safeguard customers' information and provide security tools. For instance, Fidelity has implemented 2-factor authentication, designed to prevent someone from accessing your account, even if they have your password.
Here are a few actions you can take to reinforce those safeguards.
- Choose passwords that can't be guessed easily. Use different passwords for different websites, and change them regularly.
- Make sure your financial institutions have up-to-date contact information for you. Your financial institutions use this information to protect your accounts and to contact you when suspicious activity is detected.
- Many financial institutions provide an option to sign up for automated alerts of suspicious account activity. Fidelity automatically alerts you by email of certain suspicious activity.
- Check your credit report regularly. The 3 major agencies—Equifax, Experian, and TransUnion—are required by law to provide you with a free copy of your credit report once every 12 months, which means you can check your report for free 3 times throughout the year.
Guard your identity on social media
Criminals can compile a surprising amount of information from social media, which can open the door to identity theft. Birthdays, family names, schools, and similar details are often used in security questions to access financial accounts. Even photos can provide hints about your tastes, hobbies, and travels, which a crook can use to design a phishing attempt aimed directly at you.
- Be careful about what you share. Protect your personal details on social media just as you would protect your money.
- Don't be fooled by a phishing attempt trying to collect personal details about your life.
- Be aware that someone you know may use your identity to steal from you. Safeguard your personal information even from them.
Secure your mobile devices and personal computers
Any device you use that is connected to the internet can become a mechanism of attack by cyber-criminals. Hackers can get in through newly discovered security holes in these devices and systems.
- Apply updates and patches as soon as the system maker releases them.
- Don’t download mobile apps and games that you do not trust. Some mobile apps have been found to contain hidden malicious software. Use your best judgment before using a brand-new app from an unknown company with little or no history in the marketplace.
- Run anti-virus software on your computers, and ensure that your mobile devices have the most recent security updates and patches.
Keep good habits
Security measures aren't foolproof, and anybody can suffer a moment of inattention or lapse in judgment. Nevertheless, awareness and basic prevention practices can protect you from the vast majority of attempts to steal your identity or money through fraudulent schemes.
Next steps to consider
Take action to enhance security on your Fidelity accounts.
Safeguard important financial, legal, and personal documents.
Get market and economic insights, investing ideas, and other tips on personal finance.