March 8, 2012 — -- Karen Greenwood, 47, of Cary, N.C., became a victim of income tax identity theft in 2009. An executive assistant, Greenwood was expecting a check from the Internal Revenue Service for $2,300, which would have included her tax refund for 2008 and a rebate from the economic stimulus plan that was in effect then.
She said the refund was especially urgent that year, because she had been laid off and was collecting unemployment and supporting her 74-year-old father, who lives with her.
"I wouldn't wish it on anyone," Greenwood said, describing the ordeal of her stolen tax refund.
Tax-related identify theft is relatively easy to commit, as all that's needed is a Social Security number and a name, according to Identity Theft 911, an identity and data risk management provider. As victims like Greenwood are dismayed to learn, the crime continues to grow, according to the Taxpayer Advocate Service, an independent organization within the IRS that assists taxpayers.
The service received more than 34,000 tax identity theft cases in fiscal-year 2011, a 97 percent increase over 2010.
Three weeks after Greenwood filed her taxes, she said she logged onto the IRS's website to check the status of her refund. Instead of providing an update, the website advised her to call the IRS. After verifying some information, the IRS said Greenwood's address was not the one in its files, and asked her if she had ever lived in Parsippany, N.J.
Never having lived in New Jersey, Greenwood was told the income tax return had been filed online in her name and with her Social Security number -- with a New Jersey address.
"Notwithstanding the IRS's efforts, its resources and ability to resolve cases are stretched thin," read the Taxpayer Advocate Service's 2011 annual report to Congress. In fiscal year 2011, the IRS's centralized identity protection specialized unit received more than 226,000 cases, a 20 percent increase over 2010.
"The overriding challenge facing the IRS is that its workload has grown significantly in recent years, while its funding is being cut," the National Taxpayer Advocate's Nina Olson said in a statement when it released its report on Jan. 11. "This is causing the IRS to resort to shortcuts that undermine fundamental taxpayer rights and harm taxpayers, and at the same time reduces the IRS's ability to deliver on its core mission of raising revenue."
According to the report, an IRS task force said that 28 different units within the agency charged with helping victims of tax identity theft found more than 50 gaps in IRS procedures. Among the report's recommendations was that the IRS institute a mechanism by which to monitor how long it takes to resolve an identity theft case, adopt a specialized model for identity theft victim assistance and issue a personal identification number to victims to use when filing returns so the IRS could properly distinguish the true taxpayer from the identity thief.
The IRS has taken a number of steps to respond to the growing problem of income tax identity theft, including a national crackdown on 105 suspected identity theft perpetrators in 23 states. That sweep, announced by the Justice Department on Jan. 31, resulted in 939 criminal charges and 69 indictments.
"We are aggressively pursuing cases across the nation with the Justice Department, and people will be going to jail," IRS Commissioner Doug Shulman said in a statement at the time. "This is part of a much wider effort under way at the IRS to help protect taxpayers."
Todd Davis, CEO of LifeLock, a company that offers subscription identity theft protection and clean-up services, said tax-filing fraud is a growing concern, and that credit card and other types of fraud have received stronger protection.
Nearly 25 percent of the 1.8 million identity theft complaints the Federal Trade Commission received in 2011 were related to tax- or wage-related fraud, twice the number in 2009, when Greenwood fell victim.
Last month, the FTC reported identity theft complaints again topped the list of the 30 top consumer complaints the agency received in 2011. Of more than 1.8 million complaints filed in 2011, 279,156, or 15 percent, were identity theft complaints. Nearly 25 percent of the identity theft complaints involved tax- or wage-related fraud.
As credit card fraud decreases, "the criminals are going the path of least resistance," Davis told ABC News.
"We caught credit card fraud earlier, and you can't as easily turn that into money," he said. "The IRS isn't set up to authenticate tax returns or W-2 forms."
Greenwood said some of her information may have been stolen in 2006 from a well-known e-commerce site. That led to her first experience with identity theft. Someone opened credit card accounts in her name and made large purchases, even taking out a mortgage in the name of Karen Greenwood. That's when Greenwood signed up for identity theft protection from LifeLock.
Greenwood said she gave LifeLock authorization to speak on her behalf and worked with a company representative to eventually get her tax refund in early December 2009, about 10 months after she'd filed her taxes.
LifeLock found a bank account that had been opened in Greenwood's name at Atlantic Bank and Trust, which was based in Charleston, S.C. That bank was closed by the Federal Deposit Insurance Corporation in June 2011, and another bank assumed the deposits.
After the theft of her refund check, the IRS gave Greenwood a pin number to use when filing her taxes, identifying her as a former victim of identity theft. Her tax returns would now be hand-processed by 12 different people to ensure their security.
"People really have to pay attention and can't be so naive," Greenwood said. "You really have to be cautious now. I'm extra cautious and trust nobody basically."
Davis, who founded LifeLock seven years ago, said personal information related to filing taxes, including Social Security numbers, could be stolen a number of ways. Many tax filers expose their information when they store their tax return documents in public file-sharing services, such as the recently shut down MegaUpload.
He said some file-sharing networks allow anyone on the network to search a user's hard drive. He said LifeLock once pulled hundreds of thousands of tax returns through one file-sharing service, which included filers' names, birth dates, Social Security numbers, number of children and direct deposit routing numbers for banks.
"A lot of people have no idea that they've exposed themselves," Davis said. "It could have been caused by kids or grandkids downloading music."
The challenge with identity theft is that after your information has been compromised, the most essential data, such as your name, birth date and Social Security number, usually stay the same.
Once thieves have the information, they can commit crimes again.
Davis said LifeLock has "proactive" services that, for example, inform customers when credit card accounts are opened under their identities.
Contrary to what some tax filers wary of online services may think, Davis said people should not be afraid of filing their taxes online.
"Probably one of the safest things you can do is file with an online provider that saves the info into a secure cloud," he said. "When you save information in your own hard drive, unencrypted and not password protected - even if you mail your tax filings in a blue mailbox - criminals know where to look."
The IRS provides guidance on what to do if your tax records fall into the hands of Identity thieves, and tips to prevent it. Those tips include:
1. Don't carry your Social Security card or any documents with your SSN on it.
2. Don't give a business your Social Security number just because it asks.
3. Check your credit report every 12 months.
4. Protect your personal computers by using firewalls, anti-spam/anti-virus software, update security patches, and change passwords for Internet accounts.
5. Don't give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know whom you are dealing with.