Tuesday, March 31, 2015

Sign Up Now at IRS.gov!

   ID Fraud has been a popular topic lately.  This is especially timely with it being tax season in the US and the filing deadline around the corner.  I wrote about ID Fraud and taxes a few posts ago.

   I'm a big fan of Brian Krebs' work.  Whether you're a security professional or a consumer interested in the security and privacy of your information (or both!), his blog posts and articles are usually great reads.  He recently put up a post entitled "Sign up at IRS.gov, before the crooks do it for you".  Read it here.

   It turns out that the IRS has a function on its website that allows you to get information about your past and current returns.  You need to create an account to do so.  The site does use a form of "identity proofing".  This means that the site asks you to provide personal data that it matches to information it already has.

   Identity Proofing is a great idea, in theory.  It's designed to bypass the "Facebook attack" that is effective on so many other websites, particularly those that ask for answers to "secret questions".  The so-called Facebook attack is when the answers to the secret questions or other identity information can easily be found on someone's Facebook page, or other social media (since Facebook is the "Kleenex" of social media! :-).

   Side note... as I've discussed in the past, the "correct" way to answer secret questions is to not answer them truthfully.  Then save your answers in your password vault.  You do have a password vault, right?

   The issue is that an ID thief can get to the site and set up an account in your name before you do!  They can then use that to get more identity and tax information about you.  Of course, the potential thief must know or guess a certain amount of information first.

   From the Krebs' article:
If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process.
   From the IRS.gov website, here is what you need to sign up:
"The personal information you enter must match the information you provided us on your most recent tax return. We use the following information to verify your identity:
  • Name
  • Social Security Number or Individual Tax ID Number (ITIN)
  • Date of Birth
  • Filing Status
  • Mailing Address
  • Third Party Verification Questions - you must provide answers to questions about personal information such as prior address, mortgage information, etc., that only you should know.
You must also provide us with a valid email address, which we will confirm and use to notify you if your registration information changes. Your confirmation email should arrive quickly so check your junk folder if you don't see it."
   Note that you might need your tax return handy when you sign up.  You need to enter your info exactly as it appears in your tax records.  For example, did you use "road" or "rd" or "rd." in your address?

   Whether or not you plan to use the IRS online transcript services, you should still get in there and create your account... before someone does it for you!

No comments:

Post a Comment