Identity theft has become a major problem at tax time

WEST PALM BEACH, Fla. — Rampant identity theft by criminals who file fraudulent returns using someone else's Social Security number is the nation's biggest tax-related scam, and a costly one, the Internal Revenue Service says.

The IRS estimates it will lose $26 billion due to fraudulent refunds from 2012 through this year.

Most victims find out when they file their tax returns electronically and it bounces back because someone has already filed a return using their identity. The agency continues to fight identity theft on several fronts, including its "Taxes. Security. Together." campaign launched in November to raise taxpayer awareness.

This tax season more than 20 new data elements from tax return submissions will be shared with the IRS to assist in detecting and preventing identity theft.

Some of the new elements to protect against fraud include:

• Reviewing the transmission of the tax return, including the improper and/or repetitive use of Internet Protocol numbers, the Internet "address" from which the return is originating.

• Reviewing computer device identification data tied to the return's origin.

• Reviewing the time it takes to complete a tax return, so computer-mechanized fraud can be detected.

• Capturing metadata — data that defines other data — in the computer that will allow review for identity theft-related fraud.

The IRS also reached agreements with TurboTax and other software providers that require new standards including passwords that are a minimum of eight characters with uppercase, lowercase, alpha, numerical and special characters.

Shaun Murphy, CEO of Private Giant in Orlando, said that if you file your tax return online and save the return on your computer or tablet, make sure the device has an encrypted mode. Check under settings. He recommends having a strong six-digit pin, rather than just four digits, to unlock your devices.

Don't store the return in the cloud and don't text or e-mail it to anyone, Murphy said.

The IRS recommends considering these steps to protect yourself from identity thieves:

• Equip your computer with security software and make sure it updates automatically. Essential tools include: firewall, virus/malware protection and file encryption for sensitive data.

• Treat your personal information like cash. Don't leave it lying around.

• Check out companies to find out who you're really dealing with.

• Give personal information only over encrypted websites — look for "https" addresses.

• Use strong passwords and protect them.

• Back up your files

• Avoid phishing e-mails, texts or calls that appear to be from the IRS and companies you know and trust, go directly to their websites instead.

• Don't open attachments in e-mails unless you know who sent it and what it is.

• Download and install software only from websites you know and trust.

• Use a pop-up blocker.

• Don't routinely carry your Social Security card or documents with your SSN.

• Do not overshare personal information on social media.

• Keep old tax returns and tax records under lock and key or encrypted if electronic. Shred tax documents before trashing.

Another major scam is IRS impersonators who pose as IRS agents and make phone calls demanding payment and threatening taxpayers with arrest, deportation, license revocation and more.

The IRS will not call you with threats of jail or lawsuits. The IRS will not send you an unsolicited e-mail suggesting you have a refund or that you need to update your account. The IRS will not request any sensitive information online. These are all scams.