Patch lady – Make sure your 1099s are private

A bit off topic to patching – and very much USA centric at this time.  I’ll urge you to review your tax notices (or 1099s) (**) that you should have received – or are receiving – at this time.  Make sure that if they are mailed to you that your bank or sender has blanked out the tax identification number so that only the last four digits are listed.  Make sure that the entire social security number is not listed – especially if you get your tax documents emailed to you insecurely or mailed to you.

I live in a neighborhood where the mailboxes are out on the street in unlocked mailboxes.  I have recently installed an alert on my mailbox that sends me a text message and email alert every time the door to my mailbox is opened.  Twice since I have installed it, I’ve seen people early in the morning and late at night go down the street opening the doors of the mailboxes obviously looking for tax documents and or refund checks.

(On a geek note they use Amazon web services notification to send an email and text with the circuit of the magnet is broken when the door to the mailbox is open.  It hooks to my wifi so that I can get the alerts.  Obviously now I need to install a camera that can grab the car license number as someone opens the door to the mailbox as stealing mail is a crime.) 

Also make sure anything emailed to you doesn’t include your full social security number.  If anyone sends you a document and doesn’t demand that you go through a slightly annoying process of logging into something, or providing a password, or touching your toes, or something else annoying and instead just emails you a pdf of sensitive information that you can read immediately after opening the pdf, so can the attackers.  Complain to any vendor, bank, financial institution and accounting firm and hold them accountable to doing a better job to keeping your identity secure.

And if you think adding a four digit pin to a pdf helps to make it secure, there are a number of tools that will remove passwords from pdfs in a short amount of time.

My sister has had tax identity theft and she has to provide a PIN number when she files her tax return.  Unfortunately those of us who have not had our identity stolen through the IRS system can’t get this same multi factor authentication process because the tax computers are a bit too archaic and there isn’t enough funds set aside to afford multi factor authentication for all of us taxpayers (I’m not kidding).

So my recommendation is to file as early as you can as the person who files earliest (either the identity thieves or you) gets first into the system.

Remember that the IRS never ever calls you.  Ever.  Nor do they email you.  They also don’t call demanding payment or a credit card number and say that they will be there soon to arrest you.    The IRS audit process is a slow slow process and you will get many things mailed to you over time.  And especially they do not call with a thick foreign accent pretending to be from an area code that could be an IRS center (VOIP can be made to look like it’s from a USA number even when they are calling from overseas).

So take a look at those tax documents you are getting and see how private they are.  Complain when they aren’t.

(**)  1099’s is the number of the form that the USA government requires that businesses send to recipients of bank interest, dividends, non employee compensation.  You may also receive your salary on a form W-2 that has your tax identification number.  For anyone overseas, think about any document that gets sent to you that has sensitive information on it.  Do you want it emailed to you just as an email attachment?  If no, take the time to reach out to the sender and ask them that they do something better to protect your information.