Awareness : Security Awareness Tips

Tax Season Is Here – File Early To Protect Yourself

As faculty and staff start receiving their W2s and other tax related documents, it is time to start thinking about filing income tax returns - early. This is also the season when identity thieves go into overdrive, attempting to file fraudulent tax returns. Tax fraud is now the third-largest theft of federal funds after Medicare/Medicaid and unemployment-insurance fraud. South Florida, already the leader in Medicare fraud, is also assuming the lead in tax-identity theft. Florida has the highest rate of identity theft in the country, with 178 complaints per 100,000 residents in 2011 according to the Federal Trade Commission. Tax refund identity theft exploded to more than 1.1 million cases in 2011 from 51,700 in 2008. The Treasury Inspector General for Tax Administration last summer reported discovering an additional 1.5 million potentially fraudulent 2011 tax refunds totaling in excess of $5.2 billion.

Fraudulent tax returns can come in the form of tax identity theft, refund fraud, or return-preparer fraud. With e-filing, evidence of fraud is difficult to find. There are no signed tax forms, envelopes or fingerprints, and e-filing promises quick refunds. For criminals to e-file in your name, they need your name and Social Security number combined with a phony Form W-2 (wages) or fabricated Schedule C (business income). So these ID thieves steal your personal information from other sources and then use it to file a fake tax return in your name, usually tweaking the numbers to get a large refund. The refund can be posted to an anonymous “Green Dot” prepaid Visa purchased at a drugstore, Walmart etc. Such cards have a routing and account number suitable for direct deposit. The taxpayer who’s ID has been stolen will not find out until he/she attempts to file the real return, and are then told by the IRS that the return has already been filed and refund sent. Hence the primary reason to file as early as possible, before a potential criminal attempts to do so on your behalf.

Another form of tax refund fraud is when an unscrupulous return preparer modifies the bank-routing information on a return so the direct-deposit refund will go to his/her own bank account. The fraudster may increase the deductions so a return will show a larger refund due, with only the increase routed to his bank account. The victim will know nothing unless the IRS sends an audit notice. Other preparers have abused the return information of former clients to file false refund returns in subsequent years. Criminals have established physical offices and websites displaying names of major tax-preparation franchises in order to gain genuine return documents and signatures from unsuspecting victims.

The IRS will replace a lost or stolen refund check. However, a stolen refund using an altered or erroneous routing number on a tax return will generally not be refunded until the bank returns the funds to the IRS.

If you become a tax refund identity theft victim, immediately seek a referral to the IRS Identity Protection Specialized Unit or the Taxpayer Advocate Service using Form 911. Keep in mind that it can take over a year to resolve. The IRS has a backlog of 650,000 cases.

If you have been a victim of identity theft, you can request an “electronic filing PIN”. You need to obtain Form 14039, “Identity Theft Affidavit”, so that the IRS might apply additional return-screening procedures. You should be aware that conventional credit-monitoring services may not be effective against income-tax identity theft.

How to protect yourself

  • As stated before, file your return early. Identity thieves often submit their fake returns early in the filing season — which is why you might want to file as early as possible — before the criminal has a chance. Use a reputable tax professional or use legitimate tax prep software programs.
  • The IRS has issued several consumer warnings about the fraudulent use of the IRS name or logo by criminals trying to gain access to consumers’ financial information in order to steal their identity. Criminals will use regular mail, telephone, fax or email to set up their victims. The IRS does not initiate taxpayer communications through email. Unsolicited email claiming to be from the IRS, or from an IRS-related component such as the Electronic Federal Tax Payment System (EFTPS), should be reported to the IRS at
  • Clicking on attachments to or links within an unsolicited email claiming to come from the IRS may download malicious computer software (malware) onto your computer. Use up to date anti-malware on ALL computers, especially one’s being used to file tax returns. The University currently has contracted with McAfee for anti-malware software. This software is available for current employees (and students) for personal computers. Contact your IT liaison if you have questions. Note the anti-malware must be updated frequently to be effective. Daily updates are recommended.
  • Similarly regularly update your operating system, browser and other application software. So not only should you be updating your OS like Windows, Mac, iOS, Android etc, you should also be updating your browser(Internet Explorer, Firefox, Chrome, Safari etc) as well as applications such as Microsoft Office, Adobe Acrobat, Reader, Flash, Oracle Java and Apple iTunes.
  • Use secure, encrypted wireless connections when accessing banks, credit cards, and doing your tax returns. Using the free wireless at your local Starbucks, Barnes & Noble etc when doing your taxes, or accessing your bank etc. is not a secure practice.
  • Shred credit card statements, tax documents, health insurance statements (EOBs) and any other documents containing personally identifiable information (PII) before disposal. Identity thieves do sift through dumpsters looking for documents with PII. Of course, follow the same practice in securely disposing of any University documents that contain PII/PHI, including that of patients, employees, donors, job applicants, students, clinical trial participants etc. The School of Medicine has a contract to provide centralized shredding services – for further information please call 305-243-1052 or via email at You should also securely wipe data from computers, tablets, smart phones, USB drives etc. before disposal. Contact Information Technology for further assistance.
  • A taxpayer who believes they are at risk of identity theft due to lost or stolen personal information should contact the IRS immediately so the agency can take action to secure their tax account. The taxpayer should contact the IRS Identity Protection Specialized Unit at 800-908-4490. The taxpayer may be asked to complete the IRS Identity Theft Affidavit Form 14039.

For more information

Posted: February 5, 2013