Ounce of prevention is worth a pound of IRS tax-scam cure

Tax scams aimed at consumers are now a national epidemic.

Through a seemingly endless array of new and clever schemes, sophisticated crime rings and other assorted crooks manage to cheat individuals, the federal government and states out of millions of dollars each year and keep regulators working to stay one step ahead of them.

Yet there are relatively simple ways for consumers to try to guard against some of the most common scams and for victims to do damage control.

Taking steps to prevent identity theft is a good place to start. One of the most pervasive forms of tax fraud is identity-theft refund fraud, which occurs when scammers use someone else's name and Social Security number to file a tax return and claim a fraudulent refund. This brand of fraud tops the Internal Revenue Service's most recent Dirty Dozen list of common scams.

A man directs people to the Liberty Tax Service office as the deadline to file taxes looms on April 15, 2016 in Miami, Florida.
Getty Images

"What's happening now is that crooks are compiling information on people not so much to misuse credit cards or other accounts, but so that they can file what looks to be a legitimate tax return," said Kay Bell, a tax analyst at Bankrate.com

Nearly 18 million Americans, about 7 percent of U.S. residents age 16 or older, were victims of identity theft in 2014, according to a report issued last year by a division of the Department of Justice.

According to the IRS and other experts, here are some things you can do to protect yourself from identity theft.

Practice good password management for your online accounts, including email and social media accounts. Use strong passwords — which include a combination of upper- and lowercase letters, numbers and symbols — and use different passwords for each account. Change passwords regularly, and don't forget to secure your mobile devices with passwords.

Install antivirus software on your computer, and keep it updated. Also, use the latest version of your web browser and install security patches and software updates, including updates to tax-prep software.

● Don't carry your Social Security card, or documents containing your Social Security or individual taxpayer identification numbers (TIN).

More from Investor Toolkit:
Need money tips? Avoid family, friends
Investing outside your comfort zone can pay off
Don't let these people near your money

● Don't toss account statements or other documents with sensitive personal information in the trash, and make sure they are stored in a secure place at home. Shred them if you need to dispose of them.

● Check your credit report at least once a year and your Social Security Administration earnings statement annually.

● Don't give out personal information over the phone, through the mail, online or via text unless you have initiated the contact and are sure you know who's on the receiving end. In fact, you don't have to give your Social Security number to a business or health-care provider just because you're asked. Only disclose it when absolutely necessary.

Phone and email phishing scams by criminals impersonating IRS agents rank up there with identity-theft refund fraud on the IRS's latest Dirty Dozen list. Phone and phishing scams are often designed to scare consumers into paying bogus tax bills or clicking on links in emails that install malware on their computers or that redirect them to official-looking websites used to steal personal information.

The IRS won't arbitrarily contact taxpayers by phone or email, let alone threaten them with immediate arrest, demand payment without discussion or require payment of taxes through a specific method, such as a prepaid debit or gift card or wire transfer.

"The IRS won't send you an email about a tax bill or refund out of the blue," said IRS Commissioner John Koskinen in a prepared statement. "We urge taxpayers not to click on any unexpected emails claiming to be from the IRS."

If you get an unsolicited email that appears to be from the IRS or an agency linked to the IRS, forward it to phishing@irs.gov. Also, delete it from your inbox and trash folder, said Adam Levin, chairman of consulting firm IDT911.

When it comes to suspicious phone calls, hang up right away and report them to the U.S. Treasury Inspector General for Tax Administration and the Federal Trade Commission.

If you think you might owe taxes, it's better to contact the IRS directly and deal with the issue rather than making yourself a good target for scammers, said Bell of Bankrate.com.

"It's better to just get it out in the open," she said. "You will protect yourself from being vulnerable to scams and eventually getting caught by the IRS and having to pay penalties and interest on anything you might owe."

Of course, crooks have managed to get their hands on information about millions of Americans through hacks of large companies and government agencies.

"To a hacker, scammer or cybercriminal, we are all Kim Kardashian. We have what they want, because there is a pot of gold at the end of the rainbow." -Adam Levin, chairman of IDT911

Financial advisor John Eckel has clients who have been victims of identity-theft refund fraud, and he suspects their Social Security numbers were lifted during the 2014 hack of Anthem, one of the largest managed health-care companies in the country.

"When they were filing their returns, they learned from the Internal Revenue Service that someone had beaten them to the punch," said Eckel, a certified financial planner and founder of Pinnacle Investment Management.

"These were high-level corporate executives and someone filed EZ forms (the shortest and simplest tax-return form) on their behalf," he said. "They had used the long form for years." Eckel added that his clients responded by filing an Identity Theft Affidavit with the IRS and requesting an Identity Protection PIN to use for future tax filings.

They eventually got the refunds they were owed, said Eckel, who for years has made it a priority to educate clients and employees about identity theft, cybercrime and other types of fraud by hosting expert-led seminars and writing on the issues.

According to the IRS, victims of identity theft should file a report with local police and a complaint with the Federal Trade Commission and contact one of the three major credit bureaus to place a "fraud alert" on their accounts. They should also close any accounts that have been compromised or opened fraudulently.

Your Wealth: Weekly advice on managing your money

Sign up to get Your Wealth

Please enter a valid email address
Get this delivered to your inbox, and more info about about our products and service. Privacy Policy.

The agency suggests that victims of tax-related identity theft respond right away to any IRS notice, complete an Identity Theft Affidavit and continue to pay their taxes and file returns (even if they must mail in paper returns rather than file electronically). Taxpayers who have contacted the IRS about an identity-theft problem and haven't been able to resolve the issue should get in touch with the agency's Identity Protection Specialized Unit by calling 800-908-4490.

Eckel urges clients who suspect that their Social Security numbers and other personal information have been stolen to work to contain any potential damage by putting a freeze on their credit, which can be done by contacting Equifax, Experian and TransUnion. A freeze restricts access to an individual's credit report, making it more difficult for identity thieves to open accounts in that person's name.

"Most people think: 'I'm just a regular person; scammers only want the rich or famous,'" said Levin, author of "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves."

"To a hacker, scammer or cybercriminal, we are all Kim Kardashian," Levin added. "We have what they want, because there is a pot of gold at the end of the rainbow. Unfortunately, it is our gold and their rainbow."

— By Anna Robaton, special to CNBC.com