MONEY identity theft

The Surprising Kind of Identity Theft You Probably Haven’t Heard Of

hand scrolling over medical records in dramatic lighting
David Whitney—Getty Images

Medical identity theft is a scary scam, but you can avoid it or minimize its damage.

You surely know about the dangers of identity theft, where someone who has obtained some of your personal information, such as your Social Security number, uses that to get money (often yours) or credit. It can cause massive headaches, at the very least. There’s not just a single kind of identity theft, though. There’s one kind in particular that has been happening more often lately. You probably don’t know about it and you definitely should. It’s medical identity theft.

The Federal Trade Commission has warned consumers about this growing danger, explaining medical identity theft thusly: “A thief may use your name or health insurance numbers to see a doctor, get prescription drugs, file claims with your insurance provider, or get other care. If the thief’s health information is mixed with yours, your treatment, insurance and payment records, and credit report may be affected.”

A growing problem

Here’s how much of a growing problem medical identity theft is: There’s a Medical Identity Fraud Alliance, or MIFA. And it has studied the matter, estimating that 2.3 million Americans were victimized by it in 2014, up almost 22% over 2013. That’s a lot of people — and a fast growth rate. Worse, along with the Ponemon Institute, MIFA has surveyed Americans, finding that among victims of medical identity theft, 65%, about two-thirds, ended up spending an average of $13,500 to straighten matters out. Victims also lost a lot of time — an average of about 200 hours spent trying to resolve their cases. Can it get any worse than that? Yup, it can: the folks at MIFA found that only 10% of those surveyed reached a “completely satisfactory conclusion of the incident.” And while about a fifth of victims suffered a decrease in their credit score, almost a third lost their health insurance.

Part of the problem likely stems from cyberattacks and security breaches at major corporations, when thousands or millions of people’s data is stolen in one fell swoop. That happened recently at America’s second-largest health insurer, Anthem, for example, and even more recently at Premera Blue Cross, based in Washington State. Premera Blue Cross’ breach is believed to affect 11 million members, and a Reuters report has explained that “the attackers may have gained access to claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other personal data in an attack that began in May 2014 and was uncovered on Jan. 29 of this year.” See some potential problems? Right. (Anthem believes that medical information was not stolen in its breach that affected close to 80 million people.)

What to do

Fortunately, if you’re now quivering in fear, worrying about being victimized, know that you’re not completely powerless. There are some steps you can take to reduce your chances of falling prey:

  • Check your credit reports regularly for any strange unpaid bills that an identity thief might have generated. You’re entitled to one free copy of your credit report each year from each of the three main reporting bureaus, and you can access those at AnnualCreditReport.com. To be strategic about it, you might space out your three annual copies, requesting one every four months, so that you’re getting information more regularly than once a year.
  • It also helps to know your Health Insurance Portability and Accountability Act rights and to ask your healthcare providers if you can see your electronic health records, to check for errors — especially if you know or suspect that you’ve been victimized. Read your explanation-of-benefits statements from providers, too, to check for any fraudulent charges. Know that you can ask health plans and medical providers for an “accounting of disclosures,” too, which is a listing of who has received your records and what information they received. You should, by law, be able to get one copy per year from each provider.
  • Don’t give out your personal information to friends or family members so that they can access some medical care. The data from MIFA shows that about a quarter of victims had given identifying information to a friend or family member.
  • Be on the lookout for scams, such as if someone claims to work for a healthcare company and offers you some services for free or for a too-good-to-be-true price, requiring your Social Security number or other personal data.

If you find that you’ve been victimized — and it can take several months for someone to notice, perhaps after receiving an unexpected bill or a collections notice — report it. Many people don’t report medical identity theft. Reasons include being embarrassed (such as if they gave their information to a trusted person) or not knowing where to report it. You can report problems to your health care provider, your insurer, and federal and state authorities. You can also contact your local police department, your state Attorney General’s office, and the Department of Health and Human Services.

Medical identity theft is a scary scam, but by taking certain steps, you may be able to either avoid it or minimize its damage, should it happen to you.

Related Links

MONEY identity theft

Target to Pay $10 Million Settlement in Data Breach Lawsuit

Target has agreed to pay $10 million in a proposed settlement to the customers who lost money in that 2013 hack.

MONEY identity theft

Meet the New Grave Robbers

grave with wooden cross for marker
Gregg Segal—Gallery Stock

They are not what you'd expect...

Take your driver’s license out of your wallet. Flip it over. Now look carefully at the back of it. There’s no box to check for “Identity Donor.” Yet when it comes to identity-related crimes, one of the greatest times of vulnerability is immediately after you die.

You can do everything right. You can use long and strong passwords and account-unique user names. You can check your financial accounts and monitor your credit on a regular basis, you can set up transaction alerts on your credit cards — even order a credit freeze — and then you die. Well, not entirely…

Include Identity in Your Estate Planning

A good identity thief can undo all your fraud precautions with a few phone calls. Most people don’t think about this, because it’s a wee bit late to refinance the family homestead — much less worry about interest rates — when you’re dead. Regardless, the recently deceased continue to exist on paper, and this may be the case for some time. Meanwhile, many bankable facts — key among them your Social Security number and personally identifiable information — are just sort of there in the form of “zombie” purchasing power. An identity thief can use that purchasing power to drain your bank accounts, open new credit in your name and perpetrate all sorts of fraud that can impact your family and heirs.

Think of your post-mortem identity as a would-be extra on “The Shopping Dead.” Now that you have that image in your head, take the time to arrange for the deactivation of your identity by making it part of your estate planning. This will mostly take the form of a to-do list for whomever will be handling your affairs, since nothing can be done till…well, you know, after the fact. There are many good resources, including this list from the Identity Theft Resource Center.

There are many different scams out there, ranging from the misappropriation of Social Security payments to the more old-fashioned practice of ghosting, whereby a person of approximately the same age assumes the identity of the deceased. In keeping with the proliferation of possible crimes, there are plenty of criminals out there who make a living in this post-mortem niche. They scan death notices in the local paper, read obituaries, even attend funerals, and, make no mistake about it, they can get a lot of shopping done with your available credit before the three credit reporting agencies and your current and future potential creditors are notified of your demise. Those same bad guys may also use your Social Security number to grab a big fat tax refund (if you’re lucky enough to pass away during tax filing season).

How will they get the information needed to commit fraud? Sometimes the perpetrator is a family member, so they already have access. But more often, family members are distracted and distraught. There are visitors who come and go, unchecked, and of course the numerous demands of making final arrangements and dealing with matters of the estate. If there was a long illness, unsupervised healthcare workers may have had the run of the deceased’s domicile — including the owner’s most sensitive information. Maybe the wake was at the deceased’s home, or people sat shiva there. The opportunities for fraud abound. Funerals, of course, provide a thief with a precise time to get what he or she wants. But instead of grabbing the television or the silver (too easy to miss), an envelope containing a financial statement or a copy of last year’s tax return might go walkabout. From there, it’s a race to apply for as much credit and buy as many pricy things for resale as possible before the money spigot coughs credit dust.

The Bigger Picture

Government agencies are famously slow to get the news of a person’s undoing.

A recent audit of the Social Security Administration conducted by the Office of the Inspector General found approximately 6.5 million Social Security numbers belonging to people aged 112 or older whose death information wasn’t in the system. Of those numberholders, only 13 people were still receiving payments, the rest consisted of “numberholders who exceeded maximum reasonable life expectancies and were likely deceased.” The fact that their deaths were not recorded in Numident (the SSA’s numerical identification system), and thus are also missing on the Master Death List, leaves plenty of runway for misconduct. According to the audit report, the “SSA received 4,024 E-Verify inquiries using the SSNs of 3,873 numberholders born before June 16, 1901.”

On the off chance you missed the memo while diving for sunken treasure at the bottom of Loon Lake: Identity theft is now the third certainty in life, right behind death and taxes. When a loved one passes, there is a trifecta, which is why it’s trebly important to protect against the threat of a different kind of life everlasting.

More from Credit.com

This article originally appeared on Credit.com.

MONEY identity theft

These Are the Only Data Breaches You Really Need to Worry About

social security card breaking up into bits and floating away
Yasu+Junko—Prop Styling by Shane Klein

Every day seems to bring news of another hack that compromises your personal data. While you can't afford to get complacent, you don't need to panic about every leak. Here's how to know when to worry and what action to take.

At this point, you can bet a hacker has made off with some of your personal information. The number of data breaches hit an all-time high in 2014, according to the Identity Theft Resource Center. An estimated 86 million records—including credit card and debit card numbers—were compromised, with Kmart, Home Depot, and Staples among the companies that saw the greatest data spillage.

Perhaps the worst scare yet, however, came in early 2015, when health insurer Anthem reported that hackers accessed its customers’ Social Security numbers—pure gold to an ID thief. “This one is a nightmare,” says Ed Mierzwinski of advocacy group U.S. PIRG.

But you may be too weary to heed the wake-up call. Almost a third of Americans who receive breach notifications ignore them, privacy research group Ponemon Institute has found. While you can’t panic over every breach, you also can’t afford to get complacent. How much to worry and what action to take depend on what data you learn have been compromised.

YOUR SOCIAL SECURITY NUMBER

How much to worry: A lot. A fraudster could apply for credit in your name, and you could spend years repairing your records, says Paul Stephens of the Privacy Rights Clearinghouse.

What to do: Check your credit reports ASAP for unusual activity. You’re entitled to one free copy per year from each of the credit bureaus (Equifax, Experian, TransUnion) via AnnualCreditReport.com. At minimum place a free 90-day fraud alert with one of the bureaus, which will inform the other two. This alert tells lenders to confirm your identity before extending credit.

A better move: Freeze your credit, preventing anyone from getting loans in your name. On the downside, you’ll pay up to $10 per credit bureau to place a freeze and up to $12 per bureau to lift it when you apply for new credit. A hassle, yes, and costly. “But for someone worried about ID theft, it’s the best $30 you can spend,” Stephens says.

A PASSWORD

How much to worry: Depends on what kind of site was hacked and whether you reuse passwords (61% of people do, identity protection firm CSID found).

What to do: Ideally, you’d change your password on the breached site and all others on which you used the same code. But if the idea of that much work leaves you paralyzed, the least you need to do is change codes for the most critical accounts (like email and financial sites), says Joseph Bonneau, technology fellow at the Electronic Frontier Foundation. And where it’s an option, set up two-factor authentication, which requires you to input an additional piece of information to log in. That will make it harder for hackers to break into your account next time a password is compromised.

YOUR CREDIT CARD NUMBER

How much to worry: Very little. When criminals steal just a credit card number, you’re not liable for any fraudulent charges, notes Chi Chi Wu of the National Consumer Law Center. With a debit number, you’re not liable for unauthorized charges you report within 60 days of getting your statement, and often banks will make you whole even if you don’t report until later. (The laws are different when a card itself is stolen, but, again, many issuers have zero-liability policies.)

What to do: Simply read your statements carefully, says U.S. PIRG’s Mierzwinski. Call the issuer if you see charges you don’t recognize, he says, “though usually your bank calls you first.” Don’t assume credit monitoring—which many breached businesses offer to customers for free—will do the job for you, Wu says. The services only tell you when a lender checks your credit, not when charges are run up on an existing account.

OTHER PERSONAL INFORMATION

How much to worry: Very little. Criminals can’t commit ID theft with just your name, birth date, or email—though they may try to “phish” for more info by posing as legitimate businesses.

What to do: Stay vigilant. Avoid clicking on links in emails. And when a financial institution calls, hang up and call back. Better to seem rude than get rooked.

 

MONEY Social Security

Why 6.5 Million Social Security Numbers Shouldn’t Exist

Social Security cards
Lane Erickson—Alamy

There are 6.5 million Social Security numbers assigned to people born before June 16, 1901, that have no date of death on record. Only 13 are alive.

An audit of the Social Security Administration found that about 6.5 million Social Security numbers assigned to people who would be 112 years old (and are likely deceased) did not have a date of death on their records. Thousands of these numbers may have been used to commit identity theft or another form of fraud.

The purpose of this audit from the Office of the Inspector General was to assess whether the Social Security Administration had an adequate system for adding death information to the SSA’s Numerical Identification System (aka Numident) for “numberholders who exceeded maximum reasonable life expectancies and were likely deceased,” the report reads. The answer: No, it does not.

The Audit Details

Here’s how the report outlined the problem: While the Social Security Administration may have information indicating a numberholder is deceased — like record of a death benefit having been claimed or a date of death in SSA payment records — the lack of a date of death in the Numident creates a significant information gap. Many federal agencies rely on the Death Master File to know whether a numberholder is dead, but if a numberholder’s date of death is not noted in Numident, it doesn’t appear on the Death Master File.

Almost all of the 6.5 million records without a date of death were not receiving payments from the SSA at the time of the audit, indicating they were deceased. Of the 266 numberholders receiving payments, just 13 were actually 112 years or older, and various record discrepancies explain the remaining benefits payments.

People use Social Security numbers for much more than receiving Social Security benefits. They are used to secure employment, apply for credit and file taxes, potentially claiming a tax refund. To look into potential abuse, the auditors compared the 6.5 million Social Security numbers against the SSA’s Earnings Suspense File (a database of earnings tax forms where the names don’t match the Social Security numbers) and the E-Verify System, which is used to validate whether a numberholder is authorized to work in the U.S.

The result of those cross-checks was significant: SSA transferred $3.1 billion in wages from 66,920 of the numberholders to the Earnings Suspense File from tax years 2006 through 2011. Between fiscal years 2008 and 2011, “SSA received 4,024 E-Verify inquiries using the SSNs of 3,873 numberholders born before June 16, 1901,” the audit report says.

What It Means

The report indicates that, if death dates were systematically entered into Numident, therefore included on the Death Master File, tens of thousands of instances of Social Security number abuse or fraud could possibly be prevented.

Auditors made four recommendations to the Social Security Administration, two of which the administration agreed to. SSA will explore options and ramifications of implementing an automated process to update Numident records on numberholders, and it has agreed to complete this analysis by the end of fiscal 2015 (Sept. 30). SSA disagreed with recommendations that it use old payment record information to update Numident, saying it could result in inaccurate death information in the Death Master File and would require too much time and resources.

Identity theft after death is a legitimate concern for families of the deceased, particularly in the time immediately following a death, when accounts remain open and taxes have yet to be filed in the the person’s name. For this reason, it can be helpful to plan ahead and leave instructions in your will, listing your financial accounts and designating someone to handle them quickly following your death, minimizing the amount of time a potential identity thief has to misuse your information.

If you’re worried about the theft or misuse of your own Social Security number, you should monitor your credit regularly for new-account fraud. You can get free annual credit reports from AnnualCreditReport.com and you can check two of your credit scores for free every month on Credit.com.

More from Credit.com

This article originally appeared on Credit.com.

MONEY identity theft

Yahoo Gets Rid of Passwords

Yahoo! screen on mobile phone
Anatolii Babii—Alamy

The tech giant offers a new way to sign into your email account.

If you use Yahoo, you can quit trying to remember your password or having to change it every time a company you do business with is hacked.

The tech company on Sunday announced that it is now offering “on-demand” email passwords that will be sent to you via your cellphone.

The process is similar to “two-step verification” security models already used by other businesses, which requires you to enter a fixed password first, followed by another code sent to you by the company via text message. Yahoo’s system skips that whole first step.

At its unveiling Sunday at the South by Southwest festival in Austin, company vice president Dylan Casey called this “the first step to eliminating passwords,” and said he doesn’t think the industry “has done a good enough job of putting ourselves in the shoes of the people using our products,” according to a report by the Guardian.

The company also released a blog post detailing exactly how to sign up for the optional service, which is currently available only in the United States.

Learn more about why to set up two-factor authentication and how to protect your online money accounts here. And until you do, use this handy chart to create a harder-to-crack password that you can still remember.

Screen Shot 2014-08-06 at 10.06.24 AM
MONEY life hacks

This Is Why I Keep a “Burner” Email Account—and You Should Too

The email trick that protects your identity, minimizes targeted ads, and saves time.

When the news hit that Hillary Clinton had a private email account that she used in her duties as Secretary of State, I thought, “Doesn’t everyone?”

Maybe that’s my default reaction as a millennial who has picked up and dropped about 10 email addresses over the past decade or so. But it’s also because the value of navigating the online world without exposing all of your personally identifying information is so clear to me. We’re living in a post-Target, post-Anthem, post-[insert next company here] world. The reality for the average Internet user is that guarding your personal information online is getting tougher.

First, a few caveats. I’m not a security expert. I’m not an organizational guru. I’m not doing anything illegal a la “The Wire” that would require a complex system of burners to evade law enforcement (though I do love that show). I’m not catfishing anyone. I’m not creating entirely new identities in order to dupe, scam or hurt anyone. I’m just explaining a system that has worked for me personally and that could work for you.

I introduce to you the “burner email” — an email address that you use with the intention that you’ll delete it at some point down the road. Here’s how it works: I have an email address with a reputable, secure free service, with no personal information about me included in the handle — it’s entirely random and has no personal information included. I use that email address for usernames, login credentials, etc., whenever I don’t want to use my main email address. This could be for everything from writing my email address down to enter a raffle at a local lunch spot to signing up for an online service that I may not use frequently. My main email address stays separate from my “burner” account and it helps me compartmentalize my life a bit. Here are the perks.

1. To Keep My Identity Secure

When it comes down to it, your email address holds a lot of personal information about you. For some people, their name is their email address. Others include some seemingly meaningless information like their alma mater or their pet’s name in their handle. While that information may be easy to remember and seems innocuous, an identity thief can piece together answers to security questions and other details about you to get access to other online accounts you may have.

It also can help protect my main email account from hackers. For example, when a minor data breach of an online retailer where I shop exposes only usernames (and the usernames are email addresses, as they commonly are), I can rest easy if I know I’ve used my burner account. The information those hackers have unearthed may be used in a phishing attack on me, but I can “burn” that email and create a new one just as easily.

2. To Confuse Microtargeters

With many email providers skimming your ingoing and outgoing messages for clues about what you’re buying, eating, drinking, watching and talking about, a burner email account can give you a little peace of mind when it comes to ads that are targeted at you. I don’t know about you, but it gives me the creeps when I check out a dress online, then am followed by that dress for the next few days in the form of in-email ads and customized units on other websites. A burner email can help me hide from the cookies, even if it’s just for a little bit.

3. To Keep My Main Inbox Clean

I’ve found there are two types of email users: People who are OK not reading every email they get, and those who have to read everything as soon as it comes in. I’m the latter. So keeping my main email inbox free of coupons, newsletters, daily deal offers, promotional and marketing materials saves me a lot of time. I can get to the emails from my parents, friends, etc. without having to delete 20 emails from companies that I may want to browse from time to time, but clutter my inbox and drive me crazy.

It’s also helpful to use a burner email address for projects. For example, if you’re applying for a job. With all of the job hunting sites and alerts you can sign up for nowadays, you could be getting hundreds of messages a day from potential employers and hiring websites with job recommendations and interview requests. Creating a burner email account for this ensures important emails don’t get lost in the process and it helps compartmentalize your life a bit. Having a baby? A burner email could help you sign up for all of your baby-related stores, websites, community boards, etc. without exposing any personal information online. Selling stuff online? Posting to Craigslist anonymizes your email address to a point, but if you’re setting up a meeting to exchange goods, a burner email could give you a little extra protection.

Let’s be clear — this is by no means a silver bullet. Identity theft really is the third certainty in life, and a burner email won’t stop you from getting got — but it might make you a tougher target for thieves and hackers. Monitoring your financial accounts regularly can help you reduce the impact of fraud. Experts recommend you check your bank accounts daily, and monitoring your credit can be useful as well. You can get free annual credit reports under federal law at AnnualCreditReport.com, and you can get two of your credit scores for free every month on Credit.com.

More from Credit.com:

MONEY ID Theft

How To Get Your Money Back If Your Tax Refund Is Stolen

Tax Refund check
B Christopher—Alamy

To protect your identity—and get the refund you're due as quickly as possible—follow this guide.

Did a thief beat you to filing your own taxes this year?

You’re not alone. More and more Americans are finding that someone has taken over their identity to file a fraudulent tax return in their name and collect the refund check.

In the first half of 2013, 1.6 million taxpayers were hit by tax identity theft, compared to just 271,000 in all of 2010, the Treasury Inspector General for Tax Administration reported. And the IRS paid out $5.8 billion in stolen tax refunds in 2013, according to a study by the General Accountability Office (GAO).

The increased use of electronic filing means that fraudsters are able to file a greater number of returns more quickly and with little or no documentation. This year, the number of suspicious electronic returns has been so great in some states that in February TurboTax, one of the largest tax prep software providers, temporarily suspended processing all state tax returns until it could block users from filing unlinked state returns, which are returns filed without a federal return.

Unfortunately, the number of false returns may not be coming down any time soon. A GAO report just named the IRS’s ability to address tax refund fraud and identity theft as one of the government’s top weaknesses.

If you’ve received a notice from the IRS stating that more than one return has been filed in your name, or if you believe your identity has been used fraudulently, here’s what to do:

1. Report the Fraud Quickly

Call the IRS Identity Protection Specialized Unit at 800-908-4490 right away so that they can begin the process of verifying your information. You’ll also need to fill out an identity theft affidavit, or Form 14039, so that the IRS can place an alert on your account. If your state tax return was filed falsely as well, contact your state revenue agency (for your state’s hotline, check out this list).

Also report the theft to the police. While law enforcement is unlikely to investigate, many government agencies and credit bureaus require an official theft report to help you solve the fall-out.

2. Gather Your Proof

“When you call the IRS about the ID theft, have old copies of your tax returns from the past two or three years out. It will move your case faster,” says Valrie Chambers, a CPA and Stetson University accounting professor.

By providing additional information that the IRS can check against, you strengthen your case that your return is the legitimate one. For example, an ID thief is unlikely to know that you got divorced two years ago and stopped filing jointly, but this fact can easily be checked by the IRS, giving your filed return more credibility.

While you’re searching for those forms, also pull out your driver’s license, birth certificate, passport, two recent utility bills, and, if you’re married, your marriage certificate. You’ll need to mail in copies of all these documents as well as your police report in order for the IRS to verify your tax return and rule the other one fraudulent, says CPA Art Auerbach, who has worked with tax refund theft victims.

3. Pick Up More Protection

Once you report the fraud and fill out the affidavit, the IRS should issue you a personal identification number to provide another layer of security. You’ll need to submit this PIN along with your Social Security number when you file any tax form going forward so that the IRS knows to carefully check over your account. As an identity theft victim, you’ll get a new PIN every year.

If you live in the tax fraud hotbeds of Florida, Georgia, and D.C., you can apply for a PIN without having been an ID theft victim, thanks to a new IRS initiative. To get the six-digit number, you need to register and verify your identity online. You can sign up on the IRS website.

4. Alert the Credit Bureaus

“If a thief had enough information about you to file a false tax return, he could have also opened new credit card accounts or taken out a loan in your name,” says CPA Troy Lewis, chairman of the American Institute of CPAs’ tax executive committee.

Set up free fraud alerts with the three major credit reporting bureaus, Equifax, Experian, and TransUnion. These alerts, which last 90 days but can be renewed, warn potential creditors or lenders that you are an identity theft victim and that they must verify your identity before issuing credit.

You can go a step further by placing a credit freeze on your files, which instructs the credit agencies to prevent new creditors from viewing your credit score and report. With a police report, it’s free; without one, it can cost as much $10, depending on your state.

A freeze will keep you from accessing instant credit too. If you need to apply for a loan, you will need to give the agency permission to thaw your data, and in some cases you’ll pay a fee to lift the freeze, which can take a few days.

5. Check Your Credit Report

You are entitled to a free copy of your credit report from each of the three agencies. Check them carefully for unauthorized activity. Look at your history as well as recent activity. Just because you were first alerted to the problem through a false tax return does not mean that’s where the ID theft started.

If you see errors in your report, such as wrong personal information, accounts you didn’t open or debts you didn’t incur, dispute those errors with each credit agency and the fraud department of the businesses reporting that inaccurate information.

6. Change Your Passwords

In the past, most thieves collected data about a taxpayer and then created an account at a tax preparation software site to file a false return. But Intuit, the parent company of TurboTax, says that in the past 18 months it’s seen fraudsters shift to taking over people’s existing accounts.

Thieves know that people use the same password at multiple websites. When usernames and passwords are compromised in a data breach, a thief could use them to test for a TurboTax account and file in your name.

If you have an online account at a site like TurboTax, make this password unique from any other passwords you use online. Follow this guide to make it as secure as possible. If you use your tax prep password at your bank or any other site with personal information, change that password too.

7. Be Patient

The IRS says a typical case of ID theft can take 180 days to resolve. And even after you’ve cleared up this year’s tax mess, tax and credit fraud can be a recurring problem.

When a thief beats you to filing, the IRS will flag your legit return and process it manually, scrutinizing every detail to figure out which return is authentic. This means your refund could be delayed for months.

The IRS will always pay you your refund, regardless of whether it already paid it out to a fraudster. If your tax fraud case hasn’t been resolved and you’re experiencing financial difficulties because of the holdup with your refund, contact the taxpayer advocate service at 877-777-4778.

MONEY identity theft

Here Are the Places Where You’re Most Likely to Get Your Identity Stolen

best travel rewards credit card
Robert Hadfield

Watch out in Florida.

Fraud can happen anywhere, but certain places seem to have it worse than others. The Federal Trade Commission recently published its annual report on consumer complaints, and it includes rankings for cities with the most fraud reports, and in a separate list, the most identity theft reports. Did your hometown make the top 10 list?

Florida dominated the identity theft list: Miami-Fort Lauderdale-West Palm Beach was No. 1 with 316 identity theft complaints per 100,000 residents. In fact, it was a runaway leader. No. 2 was Seattle-Tacoma-Bellevue, with just a hair over 200 per 100,000.

Three other Florida locales made the top 10 identity theft complaints list — Tallahassee at No. 4, Naples at No. 5, and Jacksonville at No. 10. It should come as no surprise that Florida was also the No. 1 state for identity theft complaints. And this is no short-term issue. Miami was also No. 1 for ID theft last year; Naples, Tallahassee, Port St. Lucie and Tampa all made the top 10 list in 2013.

Largest Metropolitan Areas for Identity Theft-Related Consumer Complaints

  1. Miami-Fort Lauderdale-West Palm Beach, Fla.
  2. Seattle-Tacoma-Bellevue, Wash.
  3. St. Louis, Mo.-Ill.
  4. Tallahassee, Fla.
  5. Naples-Immokalee-Marco Island, Fla.
  6. Olympia-Tumwater, Wash.
  7. Portland-Vancouver-Hillsboro, Ore.-Wash.
  8. Pueblo, Colo.
  9. Jacksonville, Fla.
  10. Detroit-Warren-Dearborn, Mich.

As for the generic category of “fraud and other” complaints, which excludes identity theft reports, Florida didn’t fare quite as badly. Only Homosassa Springs at No. 2 cracked the top 10, with Jacksonville hitting 11. Who was No. 1? Little Sierra Vista, Ariz., home to Army base Ft. Huachuca, near the Mexico border. It jumped from No. 8 in 2013, and the number of complaints per 100,000 nearly doubled from last year.

Mayor Rick Mueller of Sierra Vista replied “no comment” when asked about the city’s fraud complaint rate.

The “other fraud” top 10 list is much more diverse, hitting all regions of the country.

Largest Metropolitan Areas for Fraud and Other-Related Consumer Complaints

  1. Sierra Vista-Douglas, Ariz.
  2. Homosassa Springs, Fla.
  3. Colorado Springs, Colo.
  4. Weirton-Steubenville, W.Va.-Ohio
  5. Bellingham, Wash.
  6. Santa Fe, N.M.
  7. Dover, Del.
  8. Washington-Arlington-Alexandria, D.C.-Va.-Md.-W.Va
  9. Las Vegas-Henderson-Paradise, Nev.
  10. Prescott, Ariz.

This notorious top 10 list is remarkably consistent — nine out of the top 10 cities were in the list last year. The only new entrant was Steubenville, near the West Virginia border, which was ranked 11 in 2013.

While you can’t entirely prevent identity theft from happening to you, you can take measures to reduce your risk. That means it’s all the more important to stay on top of your financial data to look for signs of fraud. Check your financial statements regularly (every day, even) for unauthorized charges or activities, and check your credit reports for fraudulent accounts or other inaccuracies. There are also services that allow you to monitor your credit — doing so can alert you to changes — good and bad. You can get your free credit report summary, updated every month on Credit.com, to watch for problems so you can address them as soon as possible.

More from Credit.com

This article originally appeared on Credit.com.

TIME Scams

The New Way Scammers Are Fleecing America

Sending Text Message On Mobile Phone Nokia 3310
Alamy Seemed like a smart phone at the time.

That call you got probably isn't actually from the IRS

The FTC released its annual list of the top consumer complaints, and while there are some perennial gripes therein, there are also some new things consumers should watch out for.

Among the more than 2.5 million complaints, not including do-not-call complaints, identity theft once again takes the top spot—a position it’s held for 15 years running now. In 2014, 13% of the complaints the fielded by the FTC, state and federal agencies, consumer protection and other non-governmental groups pertained to identity theft.

Right behind it, debt collection complaints held onto the number two spot with 11% of the complaints, but a new entrant entered the third spot: so-called “impostor” scams.

Impostor scams are when someone calls and pretends to be from a government agency or other authority, usually the IRS, but not always. These scams often revolve around tax-related topics. The FTC says complaints about fake “IRS” agents was almost 24 times higher last year than in 2013.

“IRS employees won’t call out of the blue and threaten to have you arrested or demand specific methods of payment,” says Jessica Rich, director of the FTC’s Bureau of Consumer Protection. If the real IRS needs to get ahold of you about a tax bill, they know where you live — they’ll do it by mail.

Military personnel appear to be at a higher risk for impostor scams. While it was the third most common complaint overall last year, it was the second-highest complaint for military consumers.

“Whether it’s pretending to be the IRS during tax season, or making false promises of a lottery win, scammers are increasingly sophisticated in their efforts to deceive consumers,” Rich says.

Members of the military also seem to be targeted to a greater degree by shady educational outfits: Although complaints related to education were pretty far down the list among the general population, they ranked seventh-highest among members of the military.

Where you live also makes a difference in the likelihood that you’ll be targeted by scammers. The FTC says the most identity theft complaints come from Florida, Washington and Oregon, while the most fraud complaints come from Florida (again), Georgia and Nevada.

Nationwide, more than half of fraud complaints originate with a scammer calling the victim; about a quarter of the contacts are initiated by email. Fraud pertaining to government documents or benefits was the most common kind, making up almost 40% of complaints. Prepaid cards and wire transfers were the most common ways scammers separated victims from their money.

Your browser is out of date. Please update your browser at http://update.microsoft.com