The Summer of Scams and Data Breaches: Protect Your PII
Personal Identifiable Information, or PII, is a valuable asset for fraudsters and scammers seeking to commit identity fraud. Think of PII as anything that can identify you as an individual, including:
- Date of Birth
- Driver’s License Number
- Email Addresses
- Passport Number
- Phone Number(s)
- Social Security Number
Data Breaches
You may have received letters or notifications about data breaches, security incidents, or cyberattacks this summer from car dealerships, Rite Aid, Ticketmaster, AT&T or other companies throughout the nation. Most include offers to provide identity monitoring or instructions on how to monitor your credit reports due to data breaches or security incidents at their organizations. If your PII was involved in any of the recent events, be certain to receive updates directly from the company or their designated representative as there has been a lot of inaccurate information circulating.
Keep in mind that credit cards are not the only target for scammers. Many will use your PII to create fake identities. With a fake identity, someone can open bank accounts, apply for credit cards, get a driver’s license, passport or other services using your PII.
Never ignore calls from debt collectors about debts that aren’t yours, or bills from people you don’t know. Contact the creditor for more details as this could be a fraudulent account opened with your PII.
How to Spot Identity Theft
According to the Consumer Financial Protection Bureau, everyone should review their free credit report from each of the three major credit bureaus. If an identity thief is opening financial accounts in your name, these accounts may show up on your credit report.
Items you should look for on your credit report:
- Inquiries from companies you’ve never contacted
- Accounts you didn’t open
- Wrong amounts on your accounts
One important tip is to never ignore calls from debt collectors about debts that aren’t yours, or bills from people you don’t know. According to the Consumer Financial Protection Bureau, a collection or bill on a debt you never borrowed may be an indication that someone else has opened an account in your name. Contact the creditor for more details. It could be a fraudulent account using your PII.
IRS Scammers and Impersonators
Some scammers and identity thieves pose as IRS agents or representatives via email, phone calls, text messages or social media. Anyone who receives a phone call, text, email or direct message from a social media account about the IRS should know these are all scams. Scammers are persistent. Don’t fall for them.
The IRS contacts taxpayers with a letter sent via US Mail.
If you receive a notification from the IRS, in the US Mail or by phone, you may always contact IRS customer service to authenticate it. It’s important to know if it really is the IRS contacting you.
Warning Signs of a Possible Scam
If taxpayers get an unexpected letter, email or text that claims to be from the IRS or another trusted source – like a bank, a credit company or a tax software provider – here are some tell-tale signs that it’s a scam:
- Spelling errors or incorrect grammar.
- A link or attachment that with a slightly misspelled URL or an unusual one such as irs.com. All IRS links go to irs.gov.
- A threatening or urgent request to pay now, to follow a link or to open an attachment.
Keep in mind that the IRS:
- will not call you with threats of jail or lawsuits
- will not send you an unsolicited email suggesting you have a refund
- will not say you need to update your account
- will not request any sensitive information online
Remember, you can always contact the IRS directly to confirm if the communication is legitimate.
Report Scams to the IRS
The IRS has many options to report scams. Taxpayers can use the below options to report phone, email and other impersonation scams:
- Forward IRS-related scam emails to phishing@irs.gov. You may also report an unsolicited email claiming to be from the IRS or an IRS-related system like the Electronic Federal Tax Payment System to the IRS at phishing@irs.gov.
- Report IRS impersonation telephone calls at www.tigta.gov (Treasury Inspector General for Tax Administration) on the IRS Impersonation Scam Reporting webpage. Taxpayers can also call 800-366-4484 to report impersonation scams.
- Report phone scams to the Federal Trade Commission using the FTC Complaint Assistant. Add “IRS Telephone Scam” in the notes.
- Protect your community by reporting fraud, scams, and bad business practices. Report fraud to Report Fraud FTC.
- For a comprehensive listing of recent tax scams, consumer alerts and how to report them, visit Tax Scams/Consumer Alerts.”
Best Practices for Keeping Your Accounts Secure
- Enable multifactor authentication (MFA) on your accounts (if available). You can often find this in the security settings.
- Make sure to check the sender’s email address on all emails. Sometimes emails can appear legitimate at first glance.
- Ask yourself:
- Am I expecting this email?
- Is the request for information something I was expecting?
- Does the format of the email, ex. font type, signature, language, all look familiar?
- Does the sender’s domain match what I’m expecting? Example: All emails from Wouch Maloney will come from a @wm-cpa.com domain.
If you’re unsure if the email is legitimate, call the organization with a known and published phone number. Do NOT call the phone number listed in the signature of the email.
- Exercise caution with email attachments and treat those marked as “Urgent” with skepticism. Any confidential data being sent should come through the organization’s secure portal or file delivery system.
- Check the hyperlinks in your emails before clicking them. Many attackers will trick you into clicking a malicious link that looks legitimate, but designed to infect your computer. Hover over any URLs to ensure you’re not directed to look-alike domains.
- Double check that you’re on the correct website before inputting any login information.
- Only browse on websites you know are legitimate and avoid clicking on any suspicious links.
Additional Cybersecurity Resources
Each year, our team provides a reminder for our clients and friends to check their digital footprint. By reviewing your name online, checking your credit reports and taking steps to remove content on free websites that include your name, address, email address, phone numbers and age, you may help thwart misuse of your Personal Identifiable Information.
To read our earlier Cybersecurity articles, please click here.
As always, should you have questions on this or other matters affecting you or your business, please call or email us to speak with a CPA today.
DISCLAIMER: The WM Update, WM Wednesday Wisdom, WM Daily Update, and other related communications are intended to provide general information, as of the date of this communication, and may reference information from reputable sources. Although our firm has made every reasonable effort to ensure that the information provided is accurate, we make no warranties, expressed or implied, on the information provided. As legislative efforts are still ongoing, we expect that there may be additional guidance and clarification from regulators that may modify some of the provisions in this communication. Some of those modifications may be significant. As such, be aware that this is not a comprehensive analysis of the subject matter covered and is not intended to provide specific recommendations to you or your business with respect to the matters addressed.
References:
