12 Tips To Thwart Tax-Time Identity Theft

With a growing number of people turning to online tax services to file taxes -- according to the IRS, 77 million people filed electronically last year -- thieves and scammers will be on the lookout to find avenues into stealing personal and financial information. As cases of identity theft become more and more common, it's not hard to imagine that tax-time can be a feeding frenzy for the ill-willed.

Tax documents are treasure trove for identity thieves. They contain social security numbers, names, addresses and a host of financial information. It's estimated that more than 8 million Americans fall victim to identity theft each year and the Federal Trade Commission recently reported that the No. 1 category of complaint they received in 2007 concerned identity theft, which made up 32 percent of total complaints received. Internet fraud-related losses averaged slightly more than $2,700 per person victimized, the FTC said.

To avoid getting scammed, here is a list of tips to help prevent identity theft as you prepare your taxes, both electronically and physically, for the April 15 deadline.

Protect It With A Password

Printing out a tax return may seem relatively innocuous, but it's important to password-protect all returns that you print to PDF from your tax software so your social security number is secure.

"If you're going to print your tax return right there, password protect it," said Todd Feinman, CEO of Identity Finder, a software tool for companies and consumers that when loaded onto a computer locates areas where personal information is stored so users can protect it.

Lock Down Folders

Peer-to-peer file sharing programs have the potential to expose everything saved on a computer. Feinman recommends configuring all peer-to-peer file sharing programs to disable the sharing of personal folders so identity thieves can't download tax returns.

Feinman said file sharing is likely the most dangerous and detrimental error that can be made during tax season. Peer-to-peer tools let potential thieves search for keywords which, if files aren't protected, could allow them to download a tax return.

Feinman recalled the case of a 35-year-old Seattle man who pleaded guilty in November to stealing personal information from tax returns and other financial documents using peer-to-peer file-sharing programs to access victims' computers.

Encrypt Your Emails

Don't email tax documents to your accountant unless they are encrypted to prevent anyone who may be snooping on your network from gaining access to your financial information.

While it may seem like common sense, Feinman said many people still send important information in unencrypted emails, shipping that information off into cyberspace where it can be intercepted and read by almost anyone who wants it.

More Password Protection

For certain things, you may use your birthday or your mother's name for a password. But if you download W2 forms, 1099s or other tax documents from your employer, Feinman suggests creating a strong password when registering to download them. Simple passwords can be easily guessed by strangers and thieves.

"It's good to use a different password for these places than the password you use when you're buying toiletries from Wal-Mart," he said.

Remember: The IRS Won't Email You

If you get an email saying it's from the IRS, it isn't. The IRS does not contact taxpayers via email to request personal information to process returns, rebates or refunds. If you get an email purporting to be from the IRS, don't respond. It's most likely a phishing attack.

Don't Trust Email? Protect Your Snail Mail Too

When you mail your tax return to the IRS, make sure it is mailed from a secure location like the post office or an official USPS collection box. Don't let it sit in the box overnight, because it could be stolen. For extra peace of mind, use certified mail.

"Someone could break into the box overnight and steal your information," Feinman said. "Or, if you're sending a check, they could take that and try to cash it."

Don't Phone It In

If you receive an unsolicited phone call from someone claiming to be from the IRS, hang up. Don't give out any personal information over the phone. After hanging up, call the IRS directly.

Make Sure Sites Are Secure

If you end up owing money and pay electronically via the Internet, or are due a refund and elect to have it direct-deposited, make sure any Websites you enter account information into are secure.

Don't Dread It, Shred It

Any unsecured documents containing personal information used to prepare your tax return should be permanently shredded from your computer. Same goes for printed documents, a traditional shredder should be used to obliterate them. Electronic shredding permanently removes documents from your computer or alters them in a way that they become forever unreadable.

Zap It From Memory

Many photocopiers store images in their memory. If you make photo copies of financial documents, make sure the copier hasn't stored it to memory.

Update Your OS

It may sound like a no-brainer, but installing the latest updates and patches to your operating system so any known Windows or Mac flaws or vulnerabilities can't be exploited by hackers and thieves can offer great protection.

"I know it's frustrating and I know it's a pain in the butt, but ultimately this can help," Feinman said, adding that new OS vulnerabilities make hackers salivate, since they know a number of people won't update their machines right away.

Again, Be Careful With Passwords

Yeah, having passwords auto-fill makes things a lot easier. But when it comes to financial records and tax documents, it's wise not to save your passwords in your Web browser. If you get hacked or fall victim to a virus or Trojan, your stored passwords and personal information could be leaked, giving criminals access, to banks and other financial institutions that store your personal information.

In November, a 26-year-old hacker pleaded guilty to felony charges after he and a pair of others broke into about 250,000 PCs. On more than 130,000 machines, the thieves installed malicious bots that let them steal any user names and passwords that the victims had saved in Internet Explorer.