A recent study highlights the vulnerability of taxpayers to fraud, revealing that data breaches in 2024 have significantly increased the risk of tax-related identity theft. According to data compiled by credit agency TransUnion, there were 970 data breaches last year that exposed personally identifiable information (PII). This PII includes crucial data needed for various forms of tax fraud. In total, 640 million consumer records were compromised, including Social Security numbers, address histories, and full names.
These data breaches are particularly concerning because even a small amount of stolen information can be leveraged by criminals to launch sophisticated attacks. With this information, criminals can file fraudulent tax returns in a victim’s name or gain access to bank accounts to intercept tax refunds. As a result, many criminals target call centers to verify stolen PII or use it to gain access to online government portals.
Protecting Your Data
Criminals are continuously devising new schemes to obtain personal information. One such scheme involves mailings that appear to come from a delivery service, arriving in a cardboard envelope with a fabricated IRS masthead. The letter falsely claims to address an “unclaimed refund” and requests sensitive personal information, including pictures of driver’s licenses. Identity thieves then use this information to fraudulently obtain tax refunds. To avoid falling victim to these schemes, experts recommend taking several preventative steps.
To protect against tax-related identity theft, experts recommend that consumers file their taxes early and electronically, rather than mailing paper documents. Furthermore, taxpayers should request direct deposit of their tax refunds and avoid receiving checks by mail. “You should also request an Identity Protection PIN through the IRS website,” explained Jennifer Pitt, Senior Fraud & Security Analyst at Javelin Strategy & Research. “This will prevent someone from using your Social Security number to file taxes. Additionally, consider signing up for credit monitoring or identity protection services to monitor any use of your personal information.”
IRS Communication Guidelines
The IRS continues to see a barrage of email and text scams targeting taxpayers. These fraudulent messages attempt to trick unsuspecting victims into providing their personal and financial information. Taxpayers must be vigilant about how the agency communicates with them. The IRS primarily contacts taxpayers through regular U.S. mail delivered by the U.S. Postal Service, generally only sending emails or texts with prior consent or agreement. While the agency may call to verify information or set up a meeting, they never leave prerecorded voicemails or conduct robocalls, which taxpayers can safely ignore. Furthermore, the agency will never initiate contact through social media.
