Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/24/2009
03:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Affinion Survey: Users Vulnerable To Tax-, Employment-Related Identity Theft

Phishing, vishing, and unscrupulous tax preparers pose increasing threats

NORWALK, Conn., March 24 -- Tax time will unfortunately bring more than a refund check to many taxpayers this year. Affinion Security Center, a leading provider of identity theft protection, detection and resolution services, recently conducted a survey of 1,000 adults to determine the level of awareness and concern that exists for tax- and employment-related identity theft. Overall, the findings revealed that taxpayers have a lack of awareness and only moderate levels of concern, leaving them vulnerable and unprotected against these growing threats.

Taxpayers Vulnerable to Phishing and Vishing Tax Scams and Unscrupulous Tax Preparers When asked how the IRS contacts taxpayers regarding their tax returns, 53 percent did not respond correctly. 23 percent of those responded that they did not know the ways the IRS contacts taxpayers regarding their tax returns, while 22 percent thought that the IRS could call or email them. Additionally three percent thought the IRS could contact them on the telephone and five percent would not be surprised to receive an email from the IRS.

Because so many respondents did not know that the IRS does not send unsolicited emails or make unsolicited phone calls regarding refunds or filings, they are vulnerable to phishing or vishing (voice phishing using the telephone) scams where thieves pose as IRS agents to gain personal information such as social security or bank account numbers. The IRS warned taxpayers about several of these scams in 2008. In fact, the recently released annual Fraud and Identity Theft Compliant data from the Federal Trade Commission (FTC) showed an astounding 85 percent increase over 2007 in complaints related to fraudulent tax refund filings in 2008.

The survey also showed that 1/3 of the respondents who rely on the services of a tax preparer were not at all concerned about the possibility of becoming victims of identity theft when choosing their preparer. An additional 23 percent were somewhat concerned and only 18 percent were very concerned.

"While identity theft is a cause for concern all year long, tax season is a particularly dangerous time," said Tom Rusin, president of Affinion Security Center. "Our goal with conducting this survey was to uncover potential vulnerabilities and to help educate people on the dangers that exist and the steps that they can take to try to avoid falling victim to identity thieves and fraudsters."

Employment-Related Identity Theft Another type of identity theft that often comes to light during tax season is employment-related identity theft which can include someone stealing another person's social security number in order to obtain employment. The Affinion Security Center survey found that while the majority of those surveyed were at least somewhat concerned, almost 40 percent were not at all concerned that they could become victims of employment-related identity theft. This is a troublesome discovery, as the recent FTC data revealed a 30 percent increase in complaints of employment-related fraud in 2008.

The Affinion Security Center would like to help educate consumers and provide the following tips on how to Prevent Identity Theft During Tax Season:

When Preparing Your Return

1. Be Aware of Suspicious Emails and Phone Calls Regarding Your Tax Refund, Tax Filing or Any Stimulus Checks - Check the IRS website for tips on how to spot scammers and thieves posing as the IRS and a list of known phishes.

2. Be Diligent When Choosing Your Tax Preparers - Ensure that you are working with a credible firm and be extra cautious about new or seasonal offices. Check the IRS website for more tips on how to choose a tax preparer.

3. Secure your computer - Many people file taxes electronically. If you are one of those, be sure to install updated firewalls and anti-spyware protection to help keep your personal data out of the hands of thieves.

During and After Filing

1. Mail securely - If you file via mail, be sure to mail your return directly from the post office - do not leave your tax return in your unlocked mailbox or at the curb for pickup by your local mail carrier. Your personal information will be vulnerable until it is retrieved by the postal carrier.

2. Safeguard Sensitive Information in Home and Outside - Frequently the greatest threat to personal information comes from service providers or in-home workers or acquaintances. Keep paperwork in a safe location. When carrying this information out of the house, be sure to keep it on you or make sure if you leave it in the car, it is not visible.

3. Micro-Shred Your Documents - Cross-cut shredders just don't "cut" it these days. Use a micro-cut shredder for maximum security. The shred size on micro-cut machines is much smaller - documents are literally turned into dust, offering the highest level of security. And since even a seven year- old receipt can be used by a thief, shredding is still one of the simplest ways to prevent identity theft.

Consider Identity Theft Protection Services For extra identity protection, taxpayers should consider enrolling in an identity theft protection program such as IdentitySecure.

The survey of 1,091 adults was conducted on behalf of Affinion Security Center by Greenfield Online, Inc. in February 2009.

About Affinion Security Center Affinion Security Center, a division of Norwalk, Connecticut-based Affinion Group, is a global leader in providing identity protection and data security solutions to corporations and individuals. For over 35 years Affinion Security Center has been powering many of the world's leading personal data protection and breach resolution solutions offered by local, national and multi-national enterprises in the financial, retail and travel industries. The company currently protects over 7 million subscribers with services including IdentitySecure, PrivacyGuard, PC SafetyPlus and Hotline, and serves enterprise and government agencies with the data breach preparation and response tool, BreachShield. Affinion Security Center is part of the steering committee of the Identity Theft Prevention and Identity Management Standards Panel (IDSP) and is a member of the Staples Security Council. For more information please visit www.affinionsecuritycenter.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).