With the holidays over and a new academic year underway, early February is prime time for criminals to commit identity theft by filing fraudulent tax returns. 

We’ve seen the recent news about security breaches and ransomware attacks happening worldwide. While our IT and security teams handle threats daily, in the end, you help us secure our campus. Preventing tax fraud is one of the areas where you are at the forefront. 

Protect your Social Security number and your personal tax information as though they were cash. If you e-file, the IRS has safeguards to reduce fraud. If you use a preparer, the IRS has provided them with information about how to protect your information. The IRS has also opened its Identity Protection PIN program on a voluntary basis to all taxpayers in 2021 at www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.

If you get your W-2 statements online from UCPath, you need to enroll in multi-factor authentication (MFA) at it.ucsb.edu/mfa. 

Criminals target the time immediately before and after most companies release W-2 statements. You can make it more difficult for them to victimize you. 

It’s common for criminals to impersonate the IRS via email. The messages look official and are sometimes threatening. The IRS has published the following steps to help you protect yourself against phishing and other email scams. 

  • Be vigilant and skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, approach with caution. Cybercrooks are good at impersonating trusted businesses, friends, and family. This even includes the IRS and others in the tax business.
  • Double-check the email address. Thieves may have compromised a friend’s email address. They might also be spoofing the address with a slight change in text, e.g., using narne@example.com instead of name@example.com. Merely replacing the “m” with an “r” and an “n” can trick people.
  • Remember that the IRS doesn't initiate spontaneous contact with taxpayers by email to ask for personal or financial information. This includes asking for information via text messages and social media channels. The IRS does not call taxpayers with aggressive threats of lawsuits or arrests.
  • Do not click on hyperlinks in suspicious emails. When in doubt, do not use hyperlinks and go directly to the source’s main web page. Remember that no legitimate business or organization will ask for sensitive financial information by email.
  • Use security software to protect against malware and viruses found in phishing emails. Some security software can help identify suspicious websites that cybercriminals use.
  • Use strong passwords to protect online accounts. Experts recommend using a passphrase instead of a password, with a minimum of 10 characters, including letters, numbers, and special characters.
  • Use MFA when offered. MFA means that in addition to entering a username and password, the user must enter a security code. This code is usually sent as a text to the user’s mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely they would also have a victim’s phone.
  • Report phishing scams. Taxpayers can forward suspicious emails to phishing@irs.gov.

If you become a victim of identity theft and tax fraud despite these efforts, the IRS has guidance to help you at www.irs.gov/newsroom/taxpayer-guide-to-identity-theft. The California Attorney General also has helpful information at oag.ca.gov/idtheft.

April 15 is coming up fast, but the risk of identity theft and fraud continues throughout the year. If you are the victim of tax fraud or identity theft, please contact Kip Bates, Interim Chief Information Security Officer, at kip.bates@ucsb.edu.