Tuesday, April 04, 2006

IRS Moves to Tighten Up Disclosures that Allow Tax Preparers to Sell Your Personal Information

I've often commented that marketing is the root cause of identity theft. For years, our information has been "gathered and sold" AND a lot of the "gatherers" have done a lousy job of protecting it.

After all, we seem to read about this data being compromised every week.

Lately, we've all read about the IRS phishing attacks and how to protect ourselves. But did you know that signing releases when you have someone do your taxes authorizes your preparer to sell your information?

Some might argue that this puts your information at as much risk as clicking on one of those "phishy" e-mails circulating around the internet, especially when data is being breached at record rates by criminals who normally use it to commit financial crimes in your name.

Here is an interesting analysis from USA Today:

Now, the IRS wants to change the rules, and at a hearing today in Washington, the agency is bound to get an earful. Consumer advocates have criticized the IRS for what they see as plans to loosen the rules. Major tax preparers have blasted the agency for adding what they regard as needless confusion.

Actually, the IRS is on the right track. The proposed rules would make consent more specific and clearer to taxpayers. They'd require a "warning" to consumers that once returns are disclosed, the preparer "has no control over" what third parties do with it.

That warning is a needed eye-opener for consumers, who now may give away their privacy simply by failing to read fine print:

• Disclosures are a boon to tax preparers and businesses working with them, not the taxpayer. Why should taxpayers share highly personal data to assist marketing?

• Preparers often pitch "refund anticipation loans," which allow taxpayers expecting a refund to get their money within two days. That bit of convenience comes at a high cost. A report last April by the Brookings Institution found common fees of $130 for loans that sometimes last less than two weeks. On an annualized basis, the interest can exceed 200%. The loans, Brookings found, take a significant chunk of low-income taxpayers' refund dollars - an estimated $740 million in 2003.

• In this digital age, hardly a month goes by without news of some company losing credit card or other personal data through a security breach. Disclosing tax information opens the possibility that return data could be mishandled as well.

To sum it up, USA Today commented:

Better yet, if Congress has any interest in protecting its constituents rather than its campaign contributors, it might want to require that preparers stick to doing taxes, instead of turning tax time into a bazaar for selling other financial products.

Here is the full story by USA Today:

For sale: Your 1040 (USATODAY.com)

In case anyone is interested in how many data breaches have occurred in the past couple of years, here is a pretty eye-opening chronology from the Privacy Rights Clearinghouse.

Of course, my personal advice is to "Just Say No" when your tax preparer asks you to sign your "identity" away.

Sunday, April 02, 2006

If We Can't Trust Giving to the Red Cross, Who Can We Trust?

Most major organizations face a growing problem: many of their fraud losses come from within. You would think that the Red Cross would be immune to this, but apparently not.

It seems that although disasters bring out the best in people, they also bring out some of the worst behavior imaginable.

Hurricane Katrina illustrates this. It almost seems that more money was distributed to fraudsters than to the people who were victims. No one was immune, from the government to the Red Cross.

I recently blogged about "Who Really Profited in the Hurricane Disasters" in reference to massive amounts of money that were lost due to fraud and waste in the government effort to provide relief.

Now the Red Cross is under fire and has turned the case over to the FBI. Here is a story from the AP, courtesy of Forbes:

"The FBI is looking into allegations of theft and other wrongdoing by American Red Cross volunteers who distributed relief supplies after Hurricane Katrina. A task force probe - which includes state, local and federal authorities - began after the Red Cross conducted its own investigation and turned over information to authorities, said Jim Bernazzani, the agent in charge of the FBI's New Orleans office."

Full story, here.

My sad prediction is that in future disasters the public is going to be less likely to help. Perhaps (in the end) only aggressive prosecution of the guilty will bring the people's confidence back. A little diligence within some of these organizations to prevent misdeeds by their own would also help.

It would only be justice for those who committed fraud when people's lives were at stake.

Here are some previous posts I've done on the hurricane disasters:

Fraud Related to FEMA

FBI Reports Fraudulent Activity on Internet Related to Hurricane ...

Katrina Fraud Far and Wide

Saturday, April 01, 2006

The Internet Community is Sick and Tired of Cyber Crime and PIRT Volunteers Are on the Offensive

I recently wrote about PIRT (Phishing Incident Reporting and Termination Squad), hosted by the fine people at CastleCops. They are now up and running AND the Phishermen better BEWARE! The intention of PIRT isn't mere scam baiting; it is to take the sites down and help bring Phishermen to justice.

They've even let me work a few of the submissions.

I might note, they have been very patient with me, as I'm more of a traditional investigations type versus an IT security expert.

Here is a very inspirational comment about PIRT posted in one of their forums:

It is about time! I've been trying to wage this war privately myself by tracing the IP of the source Phishing site and then attempting to contact the Owner of the I.P. address range or the Domain Name the site is being hosted from.

The security nay-sayers who claim a grass roots effort to throw the scammers out won't be successful because 'there's no money in it' haven't got a clue.

The internet community is ready to take the web BACK, and I'll gladly be on the front lines!

Thank you SO much.

Here is my original post, which has all the information if anyone is interested in joining the cause:

The Phishing Incident Reporting and Termination Squad is Looking for a Few Good Men and Women

Let's face it, Phishing is becoming epidemic and ruining both the Internet AND the trust in financial systems. It's time to restore the TRUST in both of these areas!