How to navigate identity theft
By popular demand, and unfortunately, because of the continuing relevance of the subject, the following is a reprinting of an old column.
Now is the time of year when most of us have the IRS on our minds and thieves know it. I have no doubt that many of my readers share the daily frustration of thieves trying every way possible to obtain our Social Security numbers, credit card numbers, financial information, etc.
The following are three past attempts to acquire personal identity information from unwitting people like you and me by way of telephone, email (“phishing”) and text messaging (“smishing”).
A client of mine received an official-looking email that appeared to be from the Internal Revenue Service. The email claimed that my client was entitled to a refund for Social Security recipients and provided a link to the “Internal Revenue Service” website. The website was a welldone imitation or clone of the actual Internal Revenue Service website and provided yet another link to be used to gather all your personal information (name, social security number, date of birth, and even your mother’s maiden name) to claim the refund.
Fortunately, my client did not respond to the email but instead forwarded it to me. The Internal Revenue Service DOES NOT correspond with taxpayers by email! In fact, your email address is not required to be supplied on your individual income tax returns. In other words, the Internal Revenue Service DOES NOT even have your email address.
Another client received an official-sounding telephone message from their credit card banking institution. The message urgently requested that she immediately call the bank at the toll-free number provided between the hours of 8 a.m. and 8 p.m. “Operators will be standing by.”
She called and connected to an officialsounding message requesting her to type in her credit card number. Using her good instincts, she refused to give her credit card number and waited for an agent. An agent came on the phone requesting her name, credit card number and the last four digits of her Social Security number. She refused to give out the information asking the agent the nature of the original call. She was then told by the agent that her account was delinquent. The agent continued to demand her personal information and when my client refused, the agent abruptly hung up on her. My client then verified that her account was current by calling the bank telephone number on the back of the credit card.
A third client of mine received a text message from what appeared to be her bank requesting that she click on a link to their website to address a balance due on her credit card. She was apparently “smished.” Her email address, telephone contact list and some personal information were compromised requiring her to spend days changing passwords, securing her email address, and warning those on her contact list. Needless to say, her stress level went through the roof!
We have to be more and more alert to these types of creative “phishing” and “smishing” scams. Before giving out any of your personal information, ask yourself who initiated the contact. If your bank or creditor initiated the contact, then they ALREADY have your information and they do not need it. If you initiated the contact utilizing known telephone numbers, then you will be required to prove your identity. Lastly, be alert before you connect to any link whether on your smartphone or email. Barry Dolowich is a certified public accountant and owner of a fullservice accounting and tax practice with offices in Monterey. He can be reached at 372-7200. Please address any questions to Barry at PO Box 710 Monterey, CA 93942-0710 or email: bdolowich@gmail.com.