Criminals who target taxpayers do their dirty deeds year round, but some nasty tax crooks are haunting individual filers and state tax officials this Halloween season.
Actually, on the state level, the tax ghouls got an early start.
South Carolina's state law enforcement and tax officials learned earlier this month that an international hacker broke into the Palmetto State's Department of Revenue computer files and gained access to about 3.6 million tax returns, along with around 387,000 credit and debit card numbers.
The theft of personal financial information, however, might have started as early as late August.
Photo by elhombredenegro via Flickr
Most of the information on the South Caroline revenue collection system, which includes state tax filings from 1998 to the present, is encrypted.
But, said officials, the crooks were able to get their hands on unencrypted Social Security numbers and around 16,000 unencrypted payment card numbers.
Officials aren't saying from which country the cyber break-in originated, just that the hacker was located outside the United States.
And they acknowledge that he or she had aobut 10 days to pilfer taxpayer data.
The good news is that the hacker(s) failed to access all of the tax information on the South Carolina system.
The S.C. Department of Revenue also has since contracted a private security company to assist in the investigation, help secure the state's computer tax system, install new equipment and software and institute tighter controls on system access.
In the meantime, South Carolina tax officials encourage anyone who has filed a state tax return since 1998 to visit protectmyid.com/scdor or call 1- 866-578-5422 to determine if their information is affected.
If so, affected taxpayers can immediately enroll in one year of identity protection and credit monitoring with Experian. The state will pick up the service's cost.
Tax phishing attempts, too: While folks in South Carolina are dealing with a cyber security tax threat, the Internal Revenue Service this week issued a special reminder to all taxpayers to beware of fake IRS websites.
The agency has recently received reports of a new tax scam that uses a website that mimics the IRS e-Services online registration page.
The actual IRS e-Services page offers Web-based products for tax preparers, not the general public. The phony Web page, says the IRS, looks almost identical to the real one.
The IRS gets many reports of fake tax websites year round. Criminals use them to phish for people who will provide personal and financial information that may be used to steal taxpayer money or identity.
If you get such a mailing, remember that the IRS never sends unsolicited messages to taxpayers.
Also note the website's URL. The address of the official IRS website is www.irs.gov. Fake sites set up by cyber crooks do not use the .gov suffix. Instead they end in .com, .net, .org or other designations.
If you find a suspicious website that claims to be the IRS, email the site's URL to firstname.lastname@example.org. Put "Suspicious website" in the email subject line.
And you and your tax information stay safe, this Halloween and the other 364 days of the year.