MONEY ID Theft

7 Ways to Keep Your Tax Refund Safe From Thieves

black glove holding US Treasury check
Sarina Finkelstein (photo illustration)—Getty Images (glove); Dan Sullivan/Alamy (check)

To make sure your hard-earned money doesn't fall into the wrong hands, protect your identity this tax season.

The tax season officially opened on January 20, meaning it’s time for that dreaded (but inescapable) annual job: filing your tax return.

One group isn’t putting off that task. Identity thieves may have already filed a return in your name—and made off with your refund check.

In 2013, the IRS mistakenly paid out more than $5 billion worth of refunds to identity thieves, according to the Government Accountability Office. The agency estimates it stopped another $24.4 billion in attempted fraud, and the problem may be even bigger than that. Considering that most refunds are for a few hundred to a thousand dollars, that’s a staggeringly large number of false returns.

And despite the IRS’s efforts to fight fraud, tax-and-wage-related identity theft still made up a third of ID-theft complaints to the Federal Trade Commission last year.

One reason this kind of fraud can happen is that the IRS processes refunds as quickly as possible, typically within 21 days, and matches up the verifying information later. That way you don’t have to wait six to nine months for a refund.

When you file early, the IRS might not even have everything it needs to verify your information. Your employer must send you your W-2 income statement by the end of January, but it doesn’t have to file that information with the government until March. The IRS often doesn’t even begin checking returns against W-2s until July, meaning it can take a year or longer for the IRS to spot the theft, the GAO report found.

You can reduce you odds of becoming a victim by making these seven smart moves.

1. Be the First to File

“You’ve got to beat the crooks to the punch,” says CPA Troy Lewis, chairman of the American Institute of CPAs’ tax executive committee. “Since January 20, it’s been open season, and they know that the first filer wins.”

Once the IRS receives a return with your Social Security number, the agency will reject any duplicate filings. So even though your return is the legitimate one, if it is second you will have to go through a verification process with the IRS.

If you owe money and want to delay paying as long as possible, file early anyway. You have until the April 15 filing deadline to mail you check regardless of when you submitted your return.

2. Eliminate the Paper Trial

Elect to have all tax documents delivered electronically, including your W-2 and 1099s. If e-delivery isn’t for you, opt for a P.O. Box or locked mailbox. “Toward the end of January is prime time for this,” says Lewis. “Thieves know that’s when W-2s are sent out.” Be sure to destroy extra copies or old tax paperwork as well. All thieves need is your date of birth and Social Security number to file in your name.

3. Put A PIN On It

The IRS is piloting an initiative, available to taxpayers in the tax fraud hotbeds of Florida, Georgia, and D.C., for a single-use, identity protection personal identification number.

To get the six-digit number, you need to register and verify your identity online. This PIN must be on all tax forms for your return to be processed, giving you an extra layer of security. Anyone who has had their identity stolen and reported it to the IRS will automatically receive a PIN annually.

The downsides: It’s another piece of information to remember and guard, and once you’ve opted into the service you can’t opt out.

You can sign up for a PIN on the IRS website.

4. Secure Your Network

This step is easy: Never file electronically over public wi-fi or a network that’s not password protected. Keep your antivirus software up to date and use a firewall.

5. Hang Up

Be wary of email or phone calls claiming to be from the IRS. An unexpected email from the IRS, notifying you about an outstanding refund or a pending investigation, say, is always a scam. The IRS will never initiate contact via email to request sensitive information.

If you do receive an email that appears to be from the IRS or the Electronic Federal Tax Payment System, forward the message to phishing@irs.gov. Don’t click any links within the email, even if the URL appears to be connected to the IRS website.

You should be equally suspicious of out-of-the-blue phone calls purporting to be from the IRS. Scammers typically say you’re entitled to a huge refund, or they may threaten you with arrest to get you to reveal personal information.

More sophisticated scammers may know the last four digits of your Social Security number and use that to win your trust, warns the IRS. Other scammers imitate the IRS toll-free number on your caller ID.

The best thing to do if you get a call: hang up. If you think the IRS may have a legitimate reason for contacting you, call them back (800-829-1040).

6. Pick a Preparer Carefully

Three in five taxpayers will get help preparing their taxes this year, the IRS reports, but not all help is equal. Some shady preparers set up shop to snag your personal information or make off with your refund. And no matter who prepares your return, you’re responsible for what is on it.

First, check that the pro has a preparer tax identification number. All paid tax preparers must have one. That’s just a start. “Some people may try to pass their tax preparer identification number off as a license, but it’s just an ID from the IRS. It’s not a sign of authenticity or knowledge,” says Valrie Chambers, a CPA and Stetson University accounting professor.

Ask what professional organizations the pro belongs to. Check with the Better Business Bureau to see if complaints have been lodged against him or her. Make sure licenses are up to date and whether any disciplinary actions have been taken—this IRS guide lists which agencies supervise different kinds of pros.

“You want someone with a license, a reputation, a permanent shop,” says Chambers. “You’re giving this person all your information: your Social Security number, your bank routing number.”

7. Have Less to Lose

If you’re expecting a big refund this year, you have a lot of money at stake. By adjusting your tax withholding so that you get a small refund or even owe a small sum, any fraud-related delay won’t cause you as much financial hardship. “You don’t want to be dependent on this money,” says Lewis.

MONEY credit cards

5 Ways Your Credit Card Can Be Stolen Right Under Your Nose

woman using ATM machine at night
Maciej Toporowicz—Getty Images/Flickr

Card thieves have many techniques for stealing your data without you noticing.

There are several things people freak out about when their wallets or purses have been stolen: knowing a thief has your ID (and your home address), losing irreplaceable gift cards or cash, and having to cancel your credit cards. That’s usually the first thing people do — call their banks — but it’s easy to act quickly when you realize you’ve been robbed. Sometimes, it’s not that simple.

Thieves steal credit and debit cards all the time without taking the physical card. The most common kind of card theft results from data breaches. Last year, millions of U.S. consumers had their cards replaced after their information was compromised in one of the massive cyberattacks on retailers, even if their cards didn’t show unauthorized activity. People have gotten used to the idea that data breaches are inevitable, but there are lots of daily activities that put your cards at risk for theft, without you noticing.

1. Drive-Thru

A Pennsylvania woman was recently arrested for allegedly swiping customer cards on a personal card reader while she worked the drive-thru at a Dunkin’ Donuts, WFMZ reports, reportedly using the information to create duplicate cards and charge more than $800 to the accounts.

That’s not the first time a story like this has popped up, and it’s likely to happen again, because the situation presents an easy theft opportunity to drive-thru workers: Customers hand over their cards and usually can’t see what the cashier is doing with it on the other side of the window. It’s not like you should avoid the drive-thru for fear of card theft, but it’s one of many reasons to regularly check your card activity for signs of unauthorized use.

2. Restaurants

How often do you see your server process your dinner payment? Usually, he or she takes your card away from your table and completes the transaction out of your sight. Many restaurant workers have taken advantage of this situation to copy customers’ cards and fraudulently use the information.

3. On the Phone

People are pretty trusting when making orders over the phone, assuming that whoever takes the order is entering the credit or debit card number, expiration date and security code into a payment system, not just copying it down for their own use. On the flip side, it might not be the person on the other end of the call you should worry about — plenty of people read their card information aloud within earshot of strangers, making it easy for someone nearby to write down the numbers.

4. RFID Scanners

Most radio-frequency identification (RFID)-enabled credit and debit cards have a symbol (four curved lines representing a signal emission) indicating the card has the technology for contactless payment. If you have one of these cards, you have the ability to use tap-and-pay terminals found at some retailers, because your card sends payment information via radio frequencies, received by the terminal.

That same technology also allows thieves to use RFID scanners to copy your card data if they get close enough to it and your card isn’t protected. If you’re not sure your card has RFID technology, call your issuer, and if it does, use signal-blocking materials and products to protect it.

5. Card Skimmers

Thieves have been installing copying devices at gas pumps and ATMs for years: They tamper with card readers to install skimmers that copy your card data when you swipe it, so a thief takes your credit or debit card information while you complete an otherwise routine transaction. Experts advise you look closely at card readers for signs of tampering, use ATMs serviced by your bank and check your card activity regularly for signs of fraud.

That’s really the best way to combat credit card theft: Watch closely for it. With online banking and mobile applications, it’s easy to check your accounts every day, making it more likely you’ll spot something out of the ordinary than if you only looked at card activity once a week or so. You can also check your credit score for sudden changes, which can be a sign of fraud or identity theft. You can get two of your credit scores for free every 30 days on Credit.com.

MONEY state of the union

What Every Consumer Should Know Before Watching the State of the Union

State of the Union address 2014
Jonathan Ernst—Reuters

A sneak peek at what Obama’s State of the Union ideas could mean for your wallet.

This year, President Obama broke with tradition and started previewing his State of the Union proposals in the two weeks before the big event. He went to Tennessee to talk about community college, to Iowa to talk about broadband, to the Federal Trade Commission to talk about identity theft, and even to LinkedIn, where his senior adviser published his plan about paid time off.

As a result, we already have a pretty good idea of what we’re going to hear Tuesday night—and what it actually means. Here’s MONEY’s take on Obama’s proposals.

1) Obama wants to raise taxes on the rich and give credits to the less-rich; Republicans say, “Yeah, right.”

On Saturday, the White House announced a proposal to raise the capital gains tax from 25% to 28% and close what’s sometimes called the “trust fund loophole.” Obama wants to use the revenue to create a $500 tax credit for families with two working spouses; expand the credits available to families with children; expand the education tax credit for college students; and force businesses without retirement plans to automatically enroll workers in IRAs. Republicans have said this plan is a nonstarter.

While political observers agree that these ideas stand little chance of becoming law, consider this Obama’s opening argument in the coming debate about tax code reform. Read more >>

2) Obama’s broadband plan might just fix the internet.

Think of it as the internet’s “public option.” Some cities, like Chattanooga, Tenn., have much faster internet than the rest of us. That’s because municipalities have built their own broadband networks to compete with internet providers like Comcast and Time Warner Cable, driving prices down and speeds up.

So why won’t your town do the same? Because it’s often illegal—19 states have laws preventing municipalities from creating their own networks. Obama plans to ask the Federal Communications Commission to override these laws. We don’t yet know if the FCC has the authority to do that, but if it does, Obama’s plan could change the way Americans access the internet. Read more >>

3) You already have identity fraud protection tools that are better than the ones Obama proposed.

Obama’s plans to fight identity theft aren’t nearly as ambitious. First, he’ll call on Congress to pass a new law requiring companies to tell you within 30 days if your personal data is exposed. Second, he’ll call on banks and financial institutions to give you access to your credit score for free.

But that won’t do much to protect your money. Most states already have even stricter laws about security breach notifications, and by the time an identity thief has tanked your credit score, it’s way too late. Instead, you’re better off with the tools you already have: chip-and-signature credit cards and free credit reports. Here’s what you can do today to beef up your fraud protection. Read more >>

4) President Obama will push for paid sick leave and paid maternity leave—but look to your city hall instead.

The United States lags behind the rest of the world when it comes to paid time off: 88% of American workers have no paid family leave, 39% have no paid sick leave, and 15% don’t even have unpaid leave. Obama wants to change that, starting with the Healthy Families Act, a bill that would let workers earn up to seven days of paid sick leave. He also wants to sign a memorandum giving federal workers at least six weeks of paid leave after a child is born.

But listen for more details about his third idea, to help states and towns start their own sick leave programs. Local government has been leading the way on this issue: California, New Jersey, and Rhode Island offer paid family leave, and more than a dozen cities have started offering paid sick days. Change seems more likely at the local level, so what specifically does Obama want the federal government to do? Read more >>

5) There’s not much hope for the free community college plan—but that’s okay.

Obama wants to offer free community college to about 9 million students every year. If you think that sounds great, don’t get too excited. Experts say the plan is dead on arrival—it’s too expensive, Republicans will never support it, and community colleges wouldn’t even be prepared for the influx of students. But there are already a ton of ways to take community college classes for free, or close to it. Read more >>

6) Lower mortgage insurance premiums will save homeowners money. But will that really help the housing market?

The Federal Housing Administration plans to lower government mortgage insurance premiums from 1.35% of the loan amount to .85%. That translates to a savings of about $900 a year. The hope is that will encourage more Americans—especially first-time buyers—to enter the housing market. But there are other reasons why this demographic hasn’t started shopping yet. Plus, Republicans are afraid the change could put more homeowners at risk of default. Read more >>

7) Book your trip to Cuba today.

Here’s the rare foreign policy issue with implications for your spring break: Pack your bags for Havana! While the announcement wasn’t part of Obama’s State of the Union “spoiler” tour, Obama is sure to talk about his decision to reestablish diplomatic ties with Cuba—and new travel rules went into effect on Friday.

Starting January 16, you no longer need a special government license to travel to Cuba, and neither do airlines or travel agents. Since the rules have been loosened, prices are expected to fall—but make your plans before demand picks up. Read more >>

TIME White House

How 7 Ideas in the State of the Union Would Affect You

President Barack Obama threw out a lot of big ideas during Tuesday night’s State of the Union address, but how would they affect you? Here’s a quick look at seven proposals he previewed even before the speech, in order of how likely they are to be enacted soon.

See TIME’s full State of the Union coverage here

Reducing mortgage premiums

The idea: Obama proposed reducing mortgage insurance premiums on government-backed loans rates in order to make it easier for low-income Americans to buy homes.

What he’s said: “For us, and millions of Americans like us, buying a home has always been about more than owning a roof and four walls. It’s about investing in savings, and building a family, and planting roots in a community … I’m going to take a new action to help even more responsible families stake their claim on the middle class and buy their first new home.” (Jan. 8, 2015)

How it would affect you: The proposal would cut insurance fees for homes bought with Federal Housing Administration-backed loans, saving borrowers an average of $900 a year.

Will it happen: Yes. The policy will be implemented by the Department of Housing and Urban Development, which is under Obama’s control.

MORE Obama Cuts Mortgage Insurance Premiums to Help Low-Income Home Buyers

Expanding travel to Cuba

The idea: Obama called for normalizing relations with Cuba, a process he’s already started by easing travel and commercial restrictions with the island nation.

What he’s said: “Neither the American, nor Cuban people are well served by a rigid policy that is rooted in events that took place before most of us were born… I believe that we can do more to support the Cuban people and promote our values through engagement. After all, these 50 years have shown that isolation has not worked. It’s time for a new approach.” (Dec. 17, 2014)

How it would affect you: You will soon be able to catch a flight directly to Cuba without getting a special license, use credit and debit cards there and bring back cigars.

Will it happen: Mostly. Obama has already taken steps to restore relations with Cuba, although Congress is unlikely to lift the 54-year-old trade embargo anytime soon.

MORE U.S. And Cuba Move to Thaw Relations After Prisoner Exchange

Cutting methane emissions

The idea: Obama called for reducing methane emissions in the oil and gas industry by fixing leaky equipment and reducing “flaring” of natural gas.

What he’s said: Speaking about a photograph of Earth from space: “And that image in the photograph, that bright blue ball rising over the moon’s surface, containing everything we hold dear — the laughter of children, a quiet sunset, all the hopes and dreams of posterity — that’s what’s at stake. That’s what we’re fighting for.” (June 25, 2013)

How it would affect you: Depending on where you live, the proposal could raise your energy rates. It would also reduce a potent greenhouse gas that contributes to climate change.

Will it happen: Likely. The proposal is part of the Environmental Protection Agency’s standard rules-making process, which Obama oversees.

MORE White House Targets Methane to Slow Climate Change

Preventing ‘fast lanes’ on the Internet

The idea: Obama called for the Federal Communications Commission to reclassify broadband Internet as a utility, which would give regulators more power over providers like Comcast.

What he’s said: “High-speed broadband is not a luxury, it’s a necessity. … This is about helping local businesses grow and prosper and compete in a global economy. It’s about giving the entrepreneur, the small businessperson on Main Street a chance to compete with the folks out in Silicon Valley, or across the globe.” (Jan. 14, 2015)

How it would affect you: Some Internet providers want to offer so-called “fast lanes” for customers who pay more. This proposal would likely bar that.

Will it happen? Unclear. The FCC is an independent agency, but Obama’s backing gives the idea much more prominence in the debate.

MORE All Your Questions About Obama’s Internet Plan Answered

Notifying consumers of data hacks

The idea: Obama called on Congress to pass the Personal Data Notification and Protection Act, which would require companies to notify customers within 30 days if they’d been hacked.

What he’s said: “If we’re going to be connected, then we need to be protected. As Americans, we shouldn’t have to forfeit our basic privacy when we go online to do our business.” (Jan. 12, 2015)

How it would affect you: Over the last year, JPMorgan Chase, Target, Home Depot and P.F. Chang’s have all had data breaches. You might hear sooner about those if they affect you.

Will it happen: Unclear. Many states already require companies notify affected customers, so it’s not too heavy of a lift to call for a national standard.

MORE The One Foolproof Thing You Can Do to Protect Yourself from Identity Theft

Making community college free

The idea: Obama proposed the federal government work with states to offer two years of free community-college tuition to students who maintain good grades.

What he’s said: “For millions of Americans, community colleges are essential pathways to the middle class because they’re local, they’re flexible. They work for people who work full-time. They work for parents who have to raise kids full-time. They work for folks who have gone as far as their skills will take them and want to earn new ones…” (Jan. 9, 2015)

How it would affect you: If you’re looking to go to community college, you could save $3,800 a year on tuition. You could then use existing financial aid programs for housing and books.

Will it happen: Unlikely. Congressional Republicans are not likely to go along with the plan, which would cost up to $60 billion over 10 years.

MORE Obama Proposes 2 Years of Free Community College

Offering paid sick leave

The idea: Obama called on Congress to pass the Healthy Families Act, which would require companies to offer workers an hour of paid sick leave for every 30 hours they work.

What he’s said: “There are 43 million Americans who don’t get paid sick leave, which when you think about it is a pretty astonishing statistic. And that means that no matter how sick they are, or how sick a family member is, they may find themselves having to choose to be able to buy groceries or pay the rent, or look after themselves or their children.” (Jan. 15, 2015)

How it would affect you: Right now, most employers are required to offer up to 12 weeks unpaid leave for family health problems, but many workers can’t afford to take it.

Will it happen: Unlikely. Hill Republicans are unlikely to even allow a vote on the bill, which had only Democratic sponsors in the last Congress.

MORE President Obama Wants You to Get Paid, Even When You’re on Leave

Read next: Here’s the Full Text of President Obama’s 2015 State of the Union

Listen to the most important stories of the day.

MONEY identity theft

You Already Have Fraud Protection Tools That Are Better Than the Ones Obama Proposed

President Barack Obama arrives to speak at the Federal Trade Commission (FTC) offices at the Constitution Center in Washington, Monday, Jan. 12, 2015
Carolyn Kaster—AP

On Monday, President Obama previewed his two big solutions for the problem of identity theft. But it turns out they may do little for your wallet.

Americans are terrified of identity theft. They’re more afraid of identity theft than every other crime, Gallup says. And they have good reason to be: Over the past year, millions of consumers have had sensitive personal information exposed in data breaches.

Well, President Obama has heard your concerns. He’ll offer at least two big solutions in next week’s State of the Union address. Obama previewed those ideas during a speech at the Federal Trade Commission on Monday.

Bottom line: If you’re afraid of an identity thief racking up debts in your name, don’t rest easy just yet. Here’s what the president’s proposals wouldn’t accomplish—and what you can do instead to protect yourself.

#1: A federal notification requirement for security breaches

Obama’s idea: Pass a new federal law requiring businesses to tell consumers their personal information has been exposed within a month of a breach.

“Sometimes, folks don’t even find out their credit card information has been stolen until they see charges on their bill, and then it’s too late,” Obama explained during his speech at the FTC. “So under the new standard that we’re proposing, companies would have to notify consumers of a breach within 30 days.”

But Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, says he worries that Obama’s national proposal could override existing state laws, which generally offer even stronger protections.

Altogether, 47 states have laws governing how businesses must notify consumers of security breaches. Most states “require notification in the most expedient/expeditious time possible and without unreasonable delay,” says Pam Greenberg of the National Conference of State Legislatures. Exceptions include Florida, which requires notice within 30 days, and Ohio, Vermont, and Wisconsin, which require notice within 45 days, according to Greenberg.

Stephens is also concerned that the legislation will give companies wide discretion to decide whether consumers are at risk—and, therefore, whether they need to be notified. “The mere existence of a breach should trigger mandatory reporting because individuals whose information has been breached have a right to know about it,” Stephens says.

What’s more, notes Stephens, in many cases it takes some time before the companies themselves know they’ve been hacked. And if law enforcement agencies are investigating the breach, authorities may ask companies not to disclose anything that would undermine the investigation.

We’ll have to wait and see on the details. The “Personal Data Notification and Protection Act” has not been introduced in Congress yet.

#2: Free credit scores

On Monday, the president praised JPMorganChase, Bank of America, USAA, and the State Employees’ Credit Union for offering their customers free credit scores as part of their packages of financial services. “We’re encouraging more companies to join this effort every day,” he said.

He’s had some help from the Consumer Financial Protection Bureau, which over the past year has been pressuring credit card companies to provide free access to FICO score information to help consumers make smarter financial decisions—and the effort is starting to bear results.

“This means that a majority of American adults will have free access to their credit score, which is like an early warning system telling you that you’ve been hit by fraud so you can deal with it fast,” Obama said on Monday.

But that’s where he’s wrong. Your credit score is the opposite of an early warning system—by the time your credit score has moved, you’re already in deep trouble, explains Odysseas Papadimitriou, CEO of CardHub.com, a credit card comparison site.

“Let’s say I steal your identity and I open a credit card under your name,” Papadimitriou says. “I get your credit card June 1. I get the bill July 1, that bill is due on August 1. I miss that payment. The next bill is due September 1. I miss that payment. At that point in time, I get reported—on September 1. All the damage is done. That’s why it’s completely useless.”

Having free access to your credit score is nice. But if the score is bad, it’s already too late.

What you can do now

First, get your hands on a “chip-and-signature” credit card. Experts are hopeful that this new technology could stem the near-constant retail data breaches. Visa and Mastercard have promised to update all their cards by October 2015.

Here’s how it works: The “chip” encrypts your transaction data, which should make it harder for hackers to raid retailers’ checkout systems and steal your credit card number. Stephens warns that identity thieves can still rack up fraudulent charges in your name if they get hold of your physical chip-and-signature card. A chip-and-PIN card is even better—that would require you to input a 4-digit PIN for any purchase. But any chip should help.

Second, check your free credit reports. Your credit report will show whether any new, fraudulent accounts have been opened in your name. Your credit score will only tank once someone has opened a fraudulent account and missed two payments. Papadimitriou thinks Congress should let Americans access their credit reports for free, at any time. Until then, you’re only entitled to one free credit report from each credit bureau every year—so check every four months.

While you’re at it, keep a close eye on your credit card statements. Report any suspicious charges. The good news is there are consumer protections in place to ensure you’ll get almost all of your money back in the event of fraud.

If an identity thief just stole your card number, you’ll ultimately owe nothing. If an identity thief stole your actual card, your liability is limited to $50 for credit cards and $500 for debit cards, depending on how early you report the problem. So you want to catch it early.

For more

MONEY identity theft

18 College Students Arrested in Tax Identity Theft Ring

Vice President Joe Biden, center, speaks during a graduation ceremony at the Miami Dade College in Miami, Saturday, May 3,2014.
Javier Galeano—AP

Students in Florida allegedly stole tax refunds.

In November, the U.S. District Attorney of Southern Florida charged 18 Miami Dade College students for allegedly using stolen identities to file fraudulent tax returns and receive the refunds on their student bank accounts, but investigators think there are more people who have carried out the scheme, the Miami Herald reports.

Higher One accounts allow students to receive their financial aid or student loan refunds directly to a bank account, usually with an associated debit card, rather than wait for the school to cut a check. Many students use their loan refund (the amount left over after the school has taken what it requires for tuition and fees) to handle their education-related expenses like housing, textbooks, food and extracurricular activities.

The investigation identified more than 1,000 student accounts at Miami Dade College, most of which were Higher One accounts, that were used in a tax-fraud scheme, according to a news release from the district attorney’s office. Identity theft is a common crime in Florida — it has the most fraud complaints per capita of any state, according to the Federal Trade Commission, and tax-related identity theft is the most common kind of fraud reported.

It’s unclear how this crime seems to have become a pastime for college students, but it wouldn’t be surprising if it was something students see as an easy way to make money: One of the Miami Dade College cases includes a student who allegedly received $53,272 of fraudulent tax refunds to his Higher One account.

That’s a significant sum to most people, let alone a college student, but identity theft and tax fraud are serious crimes, not just for the perpetrators, but also for the victims. First of all, it makes tax season that much more complicated for people whose personal information has been stolen and used to file fake tax returns, and they’ll almost certainly see a delay in receiving their legitimate refund. Some people really count on that money, making the crime a financial burden for victims.

Then there’s the lifelong stress of knowing your personal information has been stolen. You have no idea who has your Social Security number and if it’s being used fraudulently. You can minimize the negative impact of some types of identity theft by monitoring your credit, because any unexpected changes could be an indicator of fraud, but you often can’t detect anything until damage has already been done. Still, keep a close eye on your credit by getting your free credit report summary every 30 days on Credit.com.

The investigation revealed some student accounts were used for more than just tax fraud — they seemed to have stolen Social Security benefits, as well. If convicted, the students involved in the fraud could face federal prison time.

Some students’ alleged involvement was limited to allowing their accounts to be used to launder the stolen money in exchange for a few hundred dollars, the Miami Herald reports, and U.S. Attorney Wifredo Ferrer said he believes this issue isn’t limited to Miami Dade College.

“We applaud the announcement by the authorities in connection with tax refund fraud at Miami Dade College,” wrote Lauren Perry, spokeswoman for Higher One, in a statement emailed to Credit.com. “We have been working with the authorities on these types of cases in southern Florida for some time now. … We will continue to be vigilant in safeguarding our customers’ personal and financial information and will work with our bank partners to report these illegal activities to authorities.”

More from Credit.com

This article originally appeared on Credit.com.

MONEY identity theft

What to Do If Your Social Security Number Was Leaked like Sylvester Stallone’s

Sylvester Stallone taking a selfie
Xaume Olleros—AFP/Getty Images

This breach is a bad one: Criminals with access to your Social Security number can do far more damage than those with a hacked credit card number.

Hackers have done it again. This time, they went after Sony Pictures Entertainment, exposing Social Security numbers, contracts and taxpayer-identification numbers for 47,000 employees. That total includes some big names, including Sylvester Stallone and Judd Apatow. Even worse, the hackers have posted the information online. Guardians of Peace, a group thought to be affiliated with North Korea, has claimed responsibility for the hack.

This monumental hack is much worse than the average data breach. If your debit card number is compromised—think of Target’s data breach—the worst thing that happens is, after some headache, you get your money refunded and a new card. But if your Social Security number is compromised, identity thieves can wreak havoc on your life.

With a Social Security number, fraudsters can apply for credit cards, mortgages and other lines of credit in your name, racking up debt on your tab. That can ruin your credit, making it difficult for you to get a new credit card, mortgage, or even a job. Identity thieves can also file fraudulent tax returns in your name, robbing you of your return and causing chaos at the IRS.

Scared yet? If your Social Security number is ever compromised in a data breach, here’s what you should know about your options.

You probably can’t get a replacement Social Security number

You might wish you could just get a new Social Security number. Don’t bother, says Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse. First, it wouldn’t be effective: Government agencies, credit bureaus and businesses will still associate you with your old, compromised number. Meanwhile, you’ll need to rebuild your credit history from scratch, which will make it harder to get your finances in order.

Plus, the Social Security Administration rarely issues replacement numbers after data breaches, Stephens says. If it did, half the country might be eligible.

“I’m not aware of any situation where someone has gotten a new Social Security number because of identity theft,” Stephens says. “That is very difficult to do, and consumer advocates advise against doing so. It further complicates things for you, and the act of getting a new Social Security number is not really going to impact the ability of a criminal to use your old Social Security number.”

If you want to try anyway, gather documentation to prove your citizenship (with a birth certificate or passport), your age (with a birth certificate, religious record, hospital record or passport) and your identity (with a drivers’ license, state-issued ID, or passport).

The SSA says you need to “provide evidence you are having ongoing problems because of the misuse” to be considered for a new number. So if your Social Security number has been exposed but you’re not yet a victim of fraud, don’t waste your time.

“You cannot get a new SSN to avoid the consequences of filing for bankruptcy, to avoid the law or your legal responsibility, or if there is no evidence that someone is using your number,” SSA spokesman William “BJ” Jarrett said in an email. Jarrett advises that if you believe someone is fraudulently using your Social Security number, you should first file a police report and contact the Federal Trade Commission (877-438-4338). “If you have done all you can to fix the problems resulting from misuse of an SSN and someone is still using it, Social Security may be able to assign a new number.”

The Federal Trade Commission also warns that there are companies that offer to help you apply — for a fee, naturally. But you don’t need their help and you shouldn’t have to pay any money; the application for a replacement Social Security number is free.

You can put a fraud alert on your credit report

This one is easy—and you can do it even if your information hasn’t already been exposed. A fraud alert tells creditors to double-check whenever someone applies for credit in your name. For example, when a credit card issuer receives an application for a new card, a fraud alert tells the company to contact you and make sure you’re really the one who submitted the application.

Contact Experian, Trans­Union, or Equifax to place a 90-day alert. It’s free. If you’re a confirmed identity theft victim, the alert lasts seven years.

You can monitor your credit reports

However, you shouldn’t stop there. Under the law, you’re entitled to a free credit report from each of the three credit bureaus every year. Check it.

“If you opt for just the fraud alert, you need to be aware that fraud alerts are not infallible,” Stephens says. “We would recommend that you continually regularly examine your credit reports. Get them every few months and make sure that there’s nothing on there that’s fraudulent.”

You can also sign up for credit monitoring—just don’t pay for it. After a data breach, it’s become the norm for companies to offer free credit monitoring to victims, Stephens says. He also recommends free monitoring from Credit Karma and Credit Sesame.

You can put a security freeze on your credit report

This is the most foolproof thing you can do, but there are downsides. A freeze means no one can pull your credit report—so no one can apply for new lines of credit in your name, not even you.

Identity theft victims can get a freeze for free, but others have to pay. Prices vary by state. It can cost up to $30 to institute a freeze and $12 to lift. You have to “lift” the freeze every time you apply for credit, so that the creditor can check your report.

In other words, there could be a $12 surcharge every time you apply for a credit card, mortgage, or even a job or apartment. For that reason, credit freezes aren’t always a practical solution, especially not for young people who move around a lot.

Again, contact Experian, Trans­Union, or Equifax to institute a freeze.

Related:

MONEY identity theft

Here’s How to Make Sure You Don’t Get Cyber-Scammed on Cyber Monday

141128_EM_CyberTheft
Patrick Strattner—fStop Images/Getty Images

'Tis the season for identity theft. Online shoppers, protect yourselves.

As consumers start their holiday shopping, virtually everyone has the same Christmas wish: Please, don’t let anyone steal my identity.

A recent survey from TransUnion found that 96% of Americans say they’re worried about identity theft this holiday season, and almost two-thirds are more worried this year than they were last year.

And they’re not wrong—identity thieves like to strike during periods of high activity, like Black Friday and Cyber Monday. “Criminals fish where the fish are,” says Ken Chaplin, senior vice president for TransUnion. “This time of year, a lot of people are fairly busy and flustered and just trying to get things done, and they might not be as careful or diligent.”

When you shop at a brick-and-mortar store this season, it’s mostly up to retailers to keep your information secure. But when you shop online, you can fall into traps. Here are the do’s and don’ts for staying safe:

DON’T click on links in retailer emails.

Hackers like to prey on deal-hunters by sending “phishing” emails that look like they’re from brands you know and trust, says Joe Siegrist, CEO of LastPass, a password management and information security company. Then when you click on the email link, the hackers redirect you to a fraudulent site and steal your information.

If you see a great deal, double-check. “Go directly to those sites instead of clicking on links in the email,” Siegrist says. And legitimate businesses should never contact you to ask for your account information or password—if you get an email that does, go directly to the business’ website and enter your information there, or call the business to make sure the request isn’t fraudulent, Chaplin adds.

DO check to make sure you’re shopping at a secure website.

The tell: the URL. The address line should begin with https. That “s” is key—it means the information is being sent over a “secure” line, Chaplin says.

“You might do a web search for an item, and then you’ll click on some sort of a link, and that link might take you somewhere that’s not where you want to go,” Chaplin says. “Be sure that you do business only with websites that have the proper security measures in place.”

DON’T shop on public WiFi networks.

Thinking of sneaking out to a coffee shop to do a little online shopping on your lunch break? Be careful, Chaplin says. Only enter sensitive financial information like credit card and bank account numbers on secured WiFi networks with passwords. On networks without passwords, “whatever you’re typing and viewing online could be seen by someone else,” Chaplin says. “An open WiFi network is not secure.”

Phishers love open WiFi networks, too. “It’s a lot easier to fool you into thinking you’re on a legitimate site when you’re not,” Siegrist says. “They can replace the contents of the page with something they want to be shown.”

DO keep your software up-to-date.

To protect yourself from identity theft, keep your computer safe from malicious adware, Siegrist says. There are a number of adware removal tools out there, but here’s the free and easy way to protect your device: Say yes to software updates. That means installing Windows and Mac updates as they become available instead of always clicking “later.”

And pay extra attention to your internet browser of choice. “Your browser is a very important one—make sure you keep that up-to-date,” Siegrist says. “You have to actually restart your browser to get [the updates]. Don’t run your browser for days on end without a restart, especially if it’s indicating to you that it needs to.”

DON’T use a debit card for online shopping.

Credit cards have better liability protection than debit cards. And when you use a debit card, funds come straight out of your account, so it can take longer to recover your money if someone racks up fraudulent charges.

DO use a different credit card for online purchases.

If you can, use one credit card offline and a different credit card online, Siegrist says. That way, it will be easier to detect fraud. Need a new credit card? Check out MONEY’s Best Credit Cards for holiday shopping and for all year round.

DON’T save your credit card information on websites.

When you shop online, retailers will often prompt you to save your credit card information so that you can buy more items quickly and easily at a later date. Don’t do this.

“You definitely increase your risk when you store your credit cards at these sites,” Siegrist says. “The site itself is then keeping that credit card stored—that makes it a target for hackers.”

DO change your account passwords.

If you do have accounts at different online retailers, change your passwords at least once after Cyber Monday. That way, if any of the sites are hacked during the holiday season, your accounts will be more secure. “It’s good internet hygiene,” Chaplin says.

When you change your passwords, don’t reuse passwords across multiple sites—or else you’ll be giving hackers the master key to multiple accounts. Use this trick to create really secure passwords that you’ll actually remember.

And whenever possible, set up two-factor verification. That way, no one can get into your accounts without both 1) your password and 2) another separate piece of information sent to just you—like a text message or a code retrieved from an iPhone app. Here’s how to enable two-factor verification.

DON’T stress about credit card fraud.

Look, it’s no fun when a hacker steals your credit card number. But credit card number theft won’t wreck havoc on your financial life like other kinds of identity theft. Your liability for fraudulent charges is extremely limited, especially when a hacker just steals your card number and not your physical card. In that case, you owe nothing. And after a big data breach, your financial institution might mail you a new card no matter what, just to be safe.

(If someone steals your actual card and uses it, you could be out up to $50 on credit cards or $500 on debit cards—but that’s not relevant in cyberworld.)

Be worried if a hacker gets your social security number. In that case, a fraudster could open new accounts in your name and ruin your credit. If that’s what you’re afraid of, here’s what to do. But you shouldn’t be sharing your social security number when you shop online, anyway.

DO check your statements.

That said, you should still keep a close eye on your credit card and bank statements for suspicious activity, especially at this time of year. That aforementioned liability protection is only helpful if someone detects the fraud. With credit cards, you’ll want to identify fraudulent charges before you pay your bill. With debit cards, you need to report any fraudulent charges within 60 days of receiving your statement to get your money back.

And read the statements closely. “Criminals are a lot smarter than they used to be,” Chaplin says. “It used to be a huge charge would show up on your card and your bank would call you. Oftentimes now a charge will be $20, $30 a month, and you might not be aware of it.”

But never fear—though identity thieves may have gotten smarter, you can still outsmart them.

Related

MONEY identity theft

I Ate Thanksgiving Dinner With My Identity Thief for 19 Years

mother and daughter at thanksgiving table
Juice Images—Alamy

Axton Betz-Hamilton was shocked to discover the truth about her mother.

Nineteen a minute: That’s how quickly people become identity theft victims in the U.S. Estimates vary, but somewhere between 10 and 16 million Americans are defrauded each year in this way. Thanksgiving can be an awkward time of year for some victims, since family members account for more than 30% of the identity thieves.

Axton Betz-Hamilton knows this firsthand. Raised in a middle-class home—her mother Pamela was a tax preparer, her dad a department manager for a grocery store—her identity theft story is both a family affair and exponentially stranger than fiction.

“We lived on hobby farms—one in Portland, Ind., and then another in Redkey,” Betz-Hamilton told me. Thanksgivings were with family. Her paternal grandfather moved in during the ‘90s. (He had been a welder at a tractor factory.) Together, they were a small family unit that looked like many others, though in reality they were ensnared in a mindboggling circle of financial fraud.

“Nineteen Thanksgivings came and went, and [my mother] cooked those dinners for us—me and dad and my grandfather after he moved in in 1995. We were getting robbed by the hand that fed us the entire time,” she said.

The Damage

Betz-Hamilton’s identity theft story spans 20 years, starting in 1993. The charges on credit cards that were acquired using her Social Security number amounted to about $4,000, but the damage rippled out, impacting every aspect of her financial life.

Betz-Hamilton first discovered that she had been victimized when, as a 19-year-old college student, she was moving off-campus, and the utility company asked for a $100 deposit. The reason: bad credit. She ordered a copy of her credit report (while important for everyone, this is a crucial step for anyone who has been a victim of identity theft). She assumed there would be a one-pager featuring a couple student loans. Instead, a large manila envelope arrived. She then contacted the Identity Theft Resource Center, a nonprofit organization dedicated to helping victims of identity theft. They told her to file a police report. She did that, and waited as nothing happened.

When she disputed the accounts with one of the credit card companies, she was told that her story did not hold up. “There had been two payments before the account was maxed out.” This was earlier in the evolution of identity theft, so all the various tactics were still unknown, but it is not uncommon for an identity theft to try to extend the value of a target by making things appear to be as normal as possible.

“My credit report was 10 pages long, and my credit score was 380,” she said.

The consequences Betz-Hamilton faced will be familiar to anyone who has ever struggled with a bad credit history. “I had to pay higher interest rates for my car loan and the credit cards I legitimately obtained. My first car loan was 18.23% and my first credit card had a 29.9% APR. I’ve had to pay deposits for electric, phone and cable. I had to pay higher insurance rates through 2009.”

The lifetime cost of identity theft is staggering, since bad credit can impact so many pieces of your financial life, as Betz-Hamilton discovered. You can see how your credit scores stack up for free on Credit.com.

Anatomy of Family Fraud

In 1993, Betz-Hamilton’s parents were victims of identity theft. When she found out that her identity had been stolen, the most logical assumption was that whoever had stolen her parents’ identities had stolen hers as well. Another 18% of identity theft victims are defrauded by friends, neighbors and in-house employees. It took 20 years and a fluke discovery for her to learn the truth.

Pamela Betz died of cancer in 2013, and the details of her secret life emerged. She had stolen her daughter’s identity. She had stolen her husband’s identity. She compromised her father-in-law for around $1,500. And of course she herself had mountains of debt.

Betz-Hamilton’s father made the discovery after finding a blue plastic file-box in one of the outbuildings on their farm. Inside, there was a 12-year-old credit card statement. The account was in his daughter Axton’s name. It was overdue, and so he called his daughter to give her a hard time about this hidden bit of past ignominy. She told him the card never existed. Upon closer inspection, the account had a card in his wife’s name.

The 20-year fraud began to unravel.

“She had a lot of purses and backpacks, and that’s where she stored the paper trail,” Betz-Hamilton recalled. “It was also between dresser drawers. Papers were folded and shoved into books. We didn’t know my grandfather’s identity had been stolen until I found a credit card statement in one of those purses, and I still don’t know how far back that goes.”

Questions arose. Was there another house somewhere, cars or perhaps another life? On her deathbed, an alarm rose when Betz-Hamilton’s father noticed that his wife’s wedding ring was missing.

“We think she pawned it,” Betz-Hamilton told me. “I have no idea what she was up to. Maybe she had a second life. She had been using multiple names. I’m still looking.”

Dr. Axton Betz-Hamilton is now a professor at Eastern Illinois University where she teaches courses on personal finance and consumer issues. She wrote her Ph.D dissertation on child identity theft; how people experience it, looking specifically at victims under the age of 18 who learn about their situation later in life.

“My mother’s last wishes were to be cremated, and we respected that. She wanted her ashes to be with me. I’m sitting next to my mother right now,” she told me over the phone.

“Sometimes I yell at her. And sometimes I shake the box she’s in. We just don’t know who mom was. It’s hard to grieve for her. To change things up and start new traditions, I had Christmas at my house last year. Mom was here on the shelf. It was awkward.”

Indeed.

More from Credit.com

This article originally appeared on Credit.com.

MONEY identity theft

10 Easy Ways to Protect Your Data in the Cloud

Step up the security around data you upload to the cloud with these 10 useful tips.

While movies have portrayed hackers as both good (The Girl with the Dragon Tattoo) and evil (Live Free or Die Hard), the one thing that is clear is that they can do a good deal of damage.

Several female celebrities, such as Kate Upton, Jennifer Lawrence, and Hayden Panettiere, became victims of malicious hackers, who nabbed several intimate pictures from the celebrities’ cloud storage accounts.

And if you think that this just happens to celebrities, think again. Even common folks like you and me are being exploited by malicious hackers. It is time to step up the security of your data on the cloud with these 10 useful tips.

1. Create a Stronger Password

A strong password is your very first line of defense against anybody trying to hack your account. Unfortunately, your password is usually the weakest link. In fact, 76% of cyber attacks on corporate networks are due to weak passwords.

Strengthen your password using these security tips from Microsoft:

  1. Make the length of your password at least eight characters. If you want to make it absolutely uncrackable use 15 characters or more.
  2. Skip using your real name, last name, or company name.
  3. Don’t build entire words with only letters.
  4. Use a combination of numbers, uppercase and lowercase letters, and symbols (@, #, $, and %), if applicable.
  5. Update passwords regularly and make them significantly different from previous ones.

Using these guidelines, you can create a strong password like this one: ILuv2PlayB@dm1nt()n. By picking characters from the full set of allowed printable characters, you force hackers to guess from 645 trillion possible combinations.

2. Store Your Passwords Securely

That’s not a typo. Yes, you need several passwords. Hackers exploit the fact that about 55% of Internet users use the same password for several services. The last thing that you want is that after your Dropbox account gets hacked, your online banking account becomes the next target.

It goes without saying, keep your password to yourself. Don’t store it on visible places, such as taped to the back of your keyboard or smartphone.

In a perfect world, you would just memorize them. However, a more realistic approach is to keep an offline notebook in a secure place or use a password management application, such as KeePass Password Safe, LastPass, 1Password, or Password Safe.

3. Activate Two-Factor Authentication

On top of your password, you can often add an extra layer of security by activating two-factor authorization (also known as 2FA). Without 2FA, hackers only need your username and password to access your data.

Several cloud-based services, such as Dropbox and Office 365, offer 2FA by sending you a code via text or phone call that you need to access your account. It’s an extra step, but once you’ve set it up on all of your devices, you are good to go.

4. Keep Your Birth Date Private

But don’t just stop there.

  • The name of your first pet
  • Mom’s maiden name
  • Last four digits of your social security number
  • Name of the street that you grew up in

What do these have in common? They’re all potential answers to security questions to retrieve your password or access to your account. When selecting your security questions, make sure that their answers are not a simple Google search away.

Hide your birth date and any other private information from your bio section from any social media sites, online forums, or websites. The more private your personal information is, the less likely that a hacker can find it through search engines.

5. Learn the Process to Report Hackers

Almost every service has a way to submit a report when you think somebody else is using your account. Here is an example from Microsoft.

By investing the time in becoming familiar with the process of recovering access to your account, you are better prepared for the day that you have to rely on this process. This will help you keep some sanity during that stressful time and know what information is necessary.

6. Be Wary of Public Wi-Fi

Over 95% of American commuters use free public Wi-Fi to complete work on the go.

The problem is that about 60% of them admit they will utilize any free Wi-Fi source they can find. Data transfers happening over public Wi-Fi networks aren’t encrypted, so hackers can exploit these public networks to tap into tablets and smartphones.

By setting up “hot spot honeypots,” digital thieves tempt people with the offer of free Internet, and gain access to all kinds of private data. And they’re not doing anything too high tech: hackers just need a $100 device and can be up to 100 feet away from their victims.

Use these strategies when attempting to connect to a public Wi-Fi:

  • Verify the official name of the network with the place offering it. Don’t assume that every business or public space offers free Wi-Fi.
  • Only activate the Wi-Fi feature of your device, when you are about to access a Wi-Fi network that you have verified.
  • If planning to review work files, use your company Virtual Private Network (VPN) network, if one is available. VPN encrypts all your data during your session and and hides the identity of the servers to which you are connected. Depending on the nature of your industry, you may never want to risk viewing company files without a VPN connection.
  • Keep your device’s operating system up to date. For example, Apple is constantly releasing security updates to address system vulnerabilities for iPhones and iPads.

7. Prevent Automatic Upload of Media

If you keep the default settings from cloud storage services, such as iCloud or Dropbox, then all of your photos and videos may be automatically uploaded to the cloud.

If you’re planning to take some photos and videos that are meant for your eyes only, make sure to update the settings of your cloud storage accounts. Nobody can hack for intimate photos or videos if there are none available online in the first place.

  • iPhone Users: To prevent photos from automatically uploading from your iPhone or iPod to your iCloud account, you can go to Settings > iCloud > Photo Stream, and turn off My Photo Stream.
  • Android Users: You need to check any auto-backup settings you can find on individual apps. Some examples of apps uploading media automatically to the cloud are Facebook, Twitter, and Dropbox. Check the settings menu of your apps and disable any photo-syncing that you’re not comfortable with.

8. Backup Your Media Offline

While it is important to prevent undesired media from ending up in the cloud, it is equally important to backup the data that is important to you. An offline backup of your media is not only important for when your phone is lost, stolen, or severely damaged, but also for when somebody hacks into your cloud account and deletes all of your data!

Most smartphones provide a way to back up your device’s media that is not cloud-based and that can be stored in your personal computer. For example, Apple devices can leverage iTunes to create backups, and Samsung devices can backup through the Kies software.

9. Beware Fake Messages

If you use cloud based storage services, be on the lookout for phishing emails.

These emails may look like real messages from the developers of the service, but they are not. Hackers are trying to trick you into providing your personal information.

Here are some red flags to watch out for:

  • The spelling of the sender’s email is funny looking. For example, instead of xxx@dropbox.com, it reads xxx@dropboxx.com or xxx@drop-box.co.
  • The hyperlinked URLs have misleading domain names. For example, if you hover over a link, you notice that instead of going to the apple.com domain, it goes to apple-com.info.
  • The message contains plenty of misspellings or typos.
  • You are asked to submit your password or personal information, such as mailing address, phone number, or social security number, via email.
  • The message includes a form in Word or PDF format for you to fill out.
  • You’re asked for money to cover for expenses.

If you see any of these red flags, don’t click on any of the links, and delete the email immediately.

10. Delete What You Don’t Want Anybody to See

In an era of potentially unlimited storage through the cloud, we are tempted to keep everything.

  • THOSE pictures from your bachelorette party,
  • Intimate videos or sexts with your current or past partners,
  • Progress pictures when you started your diet,
  • Financial or tax documents over 5-years old, or
  • Scanned copies of IDs from several years ago.

If you don’t want anybody else getting their hands on your data, delete it. This is the only way that you can be sure.

Read more articles from Wise Bread:

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser