Skip to main content

Incognito — April 2023: Tax Return Fraud is More Common Than You Think

March 27, 2023

Welcome to the April 2023 issue of Incognito, the monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Here’s what we’re talking about this month: 

  • With tax season coming to an end, learn how to spot tax identity theft and why it happens. 
  • Recommended reads, including “Beware “Pig Butchering” Scams, Says the FBI.”
  • Q&A: Why am I getting so many spam emails lately?

If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. 

If you haven’t yet filed your tax return, a criminal might have already filed it on your behalf.

Identity thieves love tax season. Here’s why—and how you can protect yourself from tax identity theft. 

Tax Identity Theft—More Common Than Most Realize

Tax identity theft shot up during the COVID-19 pandemic, increasing by a whopping 45% compared to pre-pandemic years. 

  • While rates of tax identity theft have since declined somewhat, theft involving tax returns remains one of the most common types of fraud. 
  • In its latest report, the FTC identified tax-related fraud as the fifth most common form of identity theft.

How Tax Identity Theft Happens

Tax identity theft occurs when a criminal gets their hands on a person’s Social Security number and other personal information, like their birth date or home address, and uses this information to file a phony return in their name. They then collect their victim’s refund. 

“[Tax identity theft] is one of the most lucrative ways that thieves can monetize our identity credentials,” said Identity Theft Resource Center’s president Eva Velasquez in a CNBC article

Often, the victim doesn’t discover stolen identity refund fraud until they file their tax return to the Internal Revenue Service (IRS), and it’s rejected as a duplicate.

How Tax Identity Thieves Get Our Personal Info

It’s not difficult for criminals to access your personal information—even your SSN.

Bad actors have many different ways of obtaining your sensitive data. 

  1. Data breaches. 

Cyber attacks like the recent PayPal breach frequently expose individuals’ personal details. 

These details are then shared on the dark web, where other bad actors can access them for free/a small fee. 

According to an NBC News interview with financial planner Kelley Long, “it’s safe to assume your Social Security number is in the hands of someone you don’t want to have it. Whether you’ll be a victim is kind of up to chance.”

  1. Data brokers

Data broker profiles can provide cybercriminals with a ton of personal data. Much of which they can use to carry out identity theft.

This includes names and addresses as well as information used as answers for security questions (i.e., mother’s maiden name, address history, etc.) 

Although most data brokers swear they don’t sell SNNs to unauthorized third parties, criminals can circumvent these restrictions. 

For example, by using legitimate customers’ IDs and passwords, pretending to be private investigators, or simply breaching data brokers. There are also plenty of cases where data brokers accidentally exposed their databases on the internet.

  1. Phishing scams

Bad actors can also phish individuals for their sensitive data. 

Even though more people know about phishing scams, 68 million Americans fell victim to a phishing scam last year. This is up from 59.4 million the year before.

Spear phishing scams, where cybercriminals target specific consumers or groups of consumers, are particularly difficult to spot. For these attacks, bad actors often use personal information found on public records, data brokers, social media sites, and other internet sources. 

6 Tips to Fight Tax Identity Theft

  • File your tax return early. Criminals usually file bogus tax returns at the start of the tax season, so filing early can reduce the risk that someone else will do it on your behalf.
  • Opt out of data brokers. The less information there is about you on the internet, the more difficult it will be for bad actors to steal your identity. 
  • Be wary of phishing scams. These can take the form of emails, texts, social media messages, or calls. Identity thieves often pretend to be legitimate organizations like credit card companies, banks, or the IRS to extract personal information from you. Note that the IRS will never contact you by email, text, or social media. 
  • Use strong, unique passwords and multi-factor authentication for every account. This can help you avoid falling victim to credential-stuffing attacks. 
  • Look for a reputable tax preparer. Phony tax preparers can file incorrect returns to claim fraudulent returns. 
  • Be on the lookout for early signs of tax identity theft. For example, a notice from the IRS saying you owe additional tax or that your online account was accessed/disabled when you know you didn’t do it. 

Mozilla’s Email Masking Feature to Become Part of Its Browser

Mozilla announced that Firefox Relay, its email masking feature that was up to now only available as an extension, will become integrated into its browser. Introduced in 2020, Firefox Relay lets users create email aliases to hide their actual email addresses and preserve their privacy. The feature is available only to a limited number of sites and users but will be expanded to everyone as the year goes on. 

Beware “Pig Butchering” Scams, Says the FBI

The FBI has warned of an increase in cryptocurrency investment scams, known as “pig butchering,” that have conned victims out of more than $2 billion in 2022. The scams rely on fraudsters building relationships with their targets via social media platforms and messaging apps. Once there’s trust, they introduce victims to a crypto investment scheme. When victims try to withdraw money, they’re told they need to pay taxes or fees. 

The Government Was Heavily Involved in Facial Recognition Research

According to newly emerged internal documents, the Defence Department and the FBI were deeply involved in facial recognition software research and development. The goal was apparently to be able to identify people’s faces in public spaces through street cameras and flying drones. The most recent documents are from 2019. There is no information on whether the research is deployed and, if so, how.

Movements of Former Biden Official Exposed by Hiking App

A security researcher claims to have pinpointed the precise movements of a former top Biden administration official via a hiking app called AllTrails. The researcher was able to see the official visiting locations like the White House and what appears to be his own home through the app. Like many other exercise apps, AllTrails user activity is set to public by default, putting them at risk of stalkers and other bad actors.

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: Why am I getting so many spam emails lately?

A: If you’re getting an influx of spam, it’s likely that your email was recently harvested from somewhere. For example, the dark web (check if your email was in any recent breaches using the Have I Been Pwned tool) or a data broker. 

The best thing to do here is to move these kinds of emails to spam. Do not open them, respond to them, or click unsubscribe (unless you know for a fact they come from a legitimate organization). Doing so can validate your address, leading to you getting even more spam. 

If the amount of spam emails you’re getting is ridiculous (i.e., in the hundreds), you may want to go through the emails one by one. That’s because scammers sometimes spam victims with emails to hide legitimate emails. For example, an email from Amazon thanking you for an order you did not make. This is known as a “mail bomb” or “registration bomb” and is an effective way to mask financial fraud. 

One way to fight spam is to use email aliases. However, not all websites allow these. Some people also use different email addresses for different purposes (for example, financial matters, social media, etc.) 

Depending on your email provider, you can also create rules to filter emails or make filtering more aggressive. 

Q: Is it possible to delete photos of my house off the internet?

A: Yes and no. 

There are guides online on how you can remove your home from sites like Zillow, Redfin, and, as well as Google Street View

However, your house will still appear on the Multiple Listing Service (MLS), which will distribute your house photos and information to hundreds of other websites. Few people have had success with removing photos of their house from the MLS. 

The best way to get your home photos deleted off MLS is to ask for this prior to closing and make it a contingency of the sale. 

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito? 

That’s it for this issue of Incognito. Stay safe, and we’ll see you in your inbox next month. 

Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it. Since joining DeleteMe in 2020, Laura h…

Don’t have the time?

DeleteMe is our premium privacy service that removes you from more than 30 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.

Save 10% on DeleteMe when you use the code BLOG10.

Hundreds of companies collect and sell your private data online. DeleteMe removes it for you.

Our privacy advisors: 

  • Continuously find and remove your sensitive data online
  • Stop companies from selling your data – all year long
  • Have removed 35M+ records of personal data from the web

Special Offer

Save 10% on any individual and family privacy plan with code: BLOG10

Related Posts

We originally published this post on our Online Privacy Blog, but we’ve updated it here as the s…
We originally published this post on our Online Privacy Blog, but we’ve updated it here as the s…
We originally published this post on our Online Privacy Blog, but we’ve updated it here as the s…