Skip to main content
Protect Yourself

Stay Safe in the Tax Season after Equifax

By February 21, 2018August 23rd, 2025No Comments

ā€˜Tis the season for tax fraud and identity theft via tax-related scams.  Tax fraud has been on the rise for years, and nearly 1 out of every 2 Americans are at increased risk for tax fraud due to the Equifax breach.  145 million Americans had their personally identifiable information (PII) stolen during that breach, bringing added stressors with increased unknowns.  After the breach, you may have been instructed to freeze your credit and take precautions to protect your finances, credit, and life from potentially malicious actors, but it must be noted that freezing your credit is not enough to prevent tax fraud. If a malicious actor possesses your Social Security Number (SSN), they are able to attempt to file fraudulent tax returns on your behalf. So, how can you protect yourself during this terrifying tax season?  

Stay Safe in the Tax Season After Equifax

File Early

You should file your tax returns early, well before April 15th, to avoid anyone else using your information to file fraudulent tax forms. Recently, a friend mentioned they already had their W-2s, so they felt secured against tax season identity theft. However, this is NOT the protection against identity theft. It should be noted that the IRS will only verify your taxes with your employment records in the event of an audit. There are few to no safeguards within the IRSā€™s tax season workflow that seek to verify or protect the average consumer. Once the IRS receives your tax returns, any additional ones would be flagged as potential fraud.  

File Electronically

Filing electronically will prevent any paper trail that could provide someone with your Social Security number. Additionally, Florida, Georgia, and the District of Columbia offer their residents a one-time-use identity protection personal identification number (PIN). If you live in one of these states, PLEASE use and obtain your PIN. Free protection is great protection! Individuals who receive a CP91A Notice will also be able to get a PIN number, and the IRS will send some individuals the option to Opt-In to the PIN program via USPS mail. If you receive an invitation, call the IRS directly to enroll, and do not provide any information to an unverified source. Knowing the following things can help avoid identity theft:

  • The IRS will NOT email individuals. Do NOT respond to or interact with emails from the IRS or state tax authorities. Instead, call the agency directly to verify the email.Ā 
  • The IRS DOES NOT call individuals. If you receive a call from the alleged IRS, tell them you will call them through the IRS phone line. That number is 1-800-829-1040.Ā Ā 
  • IF you receive a call, ask for the contact information and alleged name of the caller.Ā Ā 
  • Do NOT give out financial or personal information over the phone. This includes:Ā 
    • Types of credit cardsĀ 
    • Whether you own a credit cardĀ 
    • Types of debit cardsĀ 
    • Whether you own a debit cardĀ 
    • Account numbersĀ 
    • Financial institutions with which you hold an account or a line of creditĀ 
  • The IRS will not ask you to wire money or use a pre-paid card.Ā 
  • Absolutely NEVER wire or send any money based on a single call. VERIFY the individual beforehand.Ā Ā Ā 
  • Report the call by filing a complaint with the Treasury Inspector Generalā€Æonlineā€Æor by calling 800-366-4484, and to the FTCā€Æonlineā€Æor by calling 877-FTC-HELP.Ā 

If you believe you are a victim of identity theft:

  • Contact the IRS Identity Protection Unitā€Æonline, or by calling 800-908-4490.Ā 
  • File an Identity Theft Affidavit (Form 14039).Ā 
  • Report the fraud to the police.Ā 

Stay vigilant, think critically about urgent information presented to you, and donā€™t procrastinate on filing your tax returns this year!  

Sources:
https://www.irs.gov/identity-theft-fraud-scams/the-identity-protection-pin-ip-pin 
https://www.irs.gov/individuals/understanding-your-cp01a-notice 
https://twocents.lifehacker.com/the-irs-says-tax-email-scams-are-on-the-rise-1760658895 
https://thehill.com/opinion/finance/371815-equifaxs-data-breach-sins-live-on-to-this-years-tax-season 
https://www.giact.com/resources/the-rise-of-tax-fraud-losses/ 
https://medium.com/@iigsocialmedia/your-tax-return-could-be-in-danger-from-the-equifax-breach-8b9c7c2e0eca 
https://www.marketwatch.com/story/how-the-equifax-breach-could-impact-you-during-tax-season-2017-09-08 

Tags:

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they donā€™t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they donā€™t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organizationā€™s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organizationā€™s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now