Christina Warren was about 12 years old when she started receiving credit card bills. After that, she started getting collection notices. It was at that point that her parents had to convince the creditors that their daughter’s identity had been stolen.
As CNN tells it, credit reporting agencies told Warren that they fixed the issue, but she later had trouble getting her first credit card.
You can see the appeal of targeting children: credit-wise, they present a clean slate. Given that they won’t be working or filing tax returns for years, identity theft on children can go on, undetected, for over a decade. In fact, a 2011 report from Carnegie Mellon University’s CyLab found that 10.2% of the 40,000 children whose identities were scanned in the report had someone else using their Social Security number – that’s 51 times higher than the 0.2% rate for adults in the same population.
Now, it seems that identity thieves are after the details of not just children, but babies too. Security researchers have found Social Security numbers, mothers’ maiden names and dates of birth for babies, selling for hundreds of dollars on the dark web.
Terbium Labs, which focuses on dark web data intelligence, said last week that in addition to child data it’s seen listed for sale, it’s also now seeing information “specifically advertised as infants’ data.”
The researchers came across one vendor on the dark web, Dream Market, that had listed “Infant fullz get em befor tax seson [sic].” “Fullz” refers to full identity packs that contain first and last names, Social Security numbers, dates of birth, and other personal information. To commit tax fraud – and we are in tax fraud season right now, in the months leading up to the standard US filing deadline of April – a fraudster needs a fullz, and he needs a W-2 form, employee identity numbers or paystubs.
How much will all that set an identity thief back? Terbium Labs says that for the “relatively high price” of $312, a buyer can purchase an infant’s name, Social Security number, date of birth, and mother’s maiden name. All a thief has to do is claim a child dependent that they don’t actually have, and presto: that $312 investment turns into the maximum child tax credit of $1,000 per child.
As far as committing tax fraud on an adult, the thief would need the W-2. That’s also available on Dream, for $52. Again, that’s peanuts compared with the money a fraudulent tax return can make. There are even lower prices out there for W-2 forms: the researchers have spotted them priced at $45 each, or even discounted to $35 each for orders of 10 or more.
The crooks can also get enterprising and turn an infant into a tax-paying, tax return-filing wage slave through the magic of scouring the internet to find parents’ full names – social media accounts come in handy for that.
Dark web vendors are happy to oblige when fledgling fraudsters need help in getting up to speed on tax fraud. There are tax fraud guides for sale, ranging from what Terbium Labs found being sold for anywhere between $2 and $175 – or in some cases free on carding forums. Terbium says they’re often posted as “security exercises for discussion.”
The quality varies, Terbium says. Most of the time, the thieves keep their tips and tricks close to the vest:
While many guides for sale on the dark web are essentially useless either because they are out of date or because they do not contain any topical information at all, a high quality guide walks buyers through the process of committing fraud. The most useful guides may not be publicly advertised at all; rather than selling to just any buyer, experienced fraudsters tend to keep the most valuable tips and tricks to themselves, or circulate it among a small, trusted group.
As tax season approaches, tax fraud spikes. This year has brought a massive tax code overhaul to the US, while law enforcement has cracked down on all types of illegal activity on the dark web, but none of that will dissuade the money machine, Terbium predicts:
As always, fraud finds a way.
What to do?
The Federal Trade Commission (FTC) provides tips and advice on how to avoid having a thief misuse your child’s information to commit fraud and how to detect it if they have. One such warning sign might be a notice from the IRS saying the child didn’t pay income taxes, or that the child’s Social Security number was used on another tax return, for example.
Pity the IRS its Cassandra fate: it’s apparently cursed to speak true prophecies that no one believes. The IRS saw a huge spike in phishing and malware attacks during the 2016 tax season, which came on top of a 400% increase in phishing and malware in 2015. And in early 2017, the US tax agency sent out an urgent warning about a new type of tax fraud taco: CEO spearphishing fraud stuffed with W-2 tax form scamming and a dollop of wire fraud on top.
But according to the second annual Tax Season Risk Report from ID theft protection firm CyberScout, a survey from last year showed that the public’s not using the security practices we need to protect ourselves from identity theft.
As in, 58% of people in the US simply don’t worry about tax fraud. They should! In November 2016, the IRS said that it had stopped 787,000 confirmed ID theft returns that year, totaling more than $4 billion in potential fraud.
So that’s one simple thing we can do to prevent tax fraud: listen to the IRS!
Unstick your kid from the web of tax fraud
Getting a child tax-fraud victim out of the mess is similar to how it’s done for people of any age. Here are the FTC’s tips and resources:
- Contact each of the three nationwide credit reporting companies.
Send a letter asking the companies to remove all accounts, inquiries and collection notices associated with the child’s name or personal information.
Explain that the child is a minor and include a copy of the Uniform Minor’s Status Declaration.
- Place a fraud alert.
- Learn about your rights.
The credit reporting company will explain that you can get a free credit report, and other rights you have.
- Consider requesting a credit freeze.
The credit reporting companies may ask for proof of the child’s and parent’s identity.
- Order the child’s credit reports.
Review the credit reports.
- Contact businesses where the child’s information was misused.
- Create an Identity Theft Report.
- Learn more about repairing identity theft.
- Update your files.
Record the dates you made calls or sent letters.
Keep copies of letters in your files.
How to keep your kid out of that web in the first place
It’s a lot of time and work to fix identity theft. Better still to protect children from identity misuse in the first place. More tips from the FTC:
- Stash all paper and electronic records that show your child’s personal information in a safe place.
- Don’t be too obliging when it comes to handing over your child’s Social Security number or other taxpayer ID. Rather, ask questions, as in: Who’s asking for my kid’s identity information? Why do they need the data? Do you trust them? How do they plan to protect the data? Can they use a different identifier, such as the last four digits of a Social Security number?
- Shred documents that show your child’s information before throwing them away.
- Be aware of events that can trigger identity theft: loss of a wallet or purse with a child’s information inside, a home break-in, or a notice from a school, doctor’s or dentist’s office saying that they’ve had a security breach, for example.
The FTC also has a range of ways to limit your child’s risk of identity theft – check them out here.
Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/BXCjcqshHrU/
