Editor’s note: Carl Hammersburg manages the Government and Healthcare Risk and Fraud team at SAS, and has been with SAS since 2012. Prior to that, he spent 20 years in anti-fraud activities for Washington State’s exclusive workers’ comp insurer, the Department of Labor and Industries.

CARY – As the COVID-19 pandemic sent shockwaves through the economy, government agencies pushed out billions of dollars to bolster the economy and help citizens in need. While essential, these efforts exposed the system to widespread fraud, particularly related to unemployment insurance.

Identity theft is at the center of many of those nefarious activities. There is a common four-step sequence bad actors have found to be effective in taking the government for significant sums of money. Essentially starting from a data breach, bad actors sell personal information on the dark web, prop up fake identities and then use those identities to launch large government fraud campaigns. Criminal fraud rings are now commonly using stolen personal identity credentials to file claims and open accounts on another person’s behalf, then redirect the funds to themselves. In many cases, identity thieves sit on vast amounts of stolen credentials, waiting for the perfect opportunity to use them.

With this fraudulent activity now happening on massive scales, it is critical to protect yourself against these types of predatory schemes. There are a number of actions consumers can take to avoid falling victim to these types of scams. Here are four things you can do as an individual consumer to protect yourself:

  1. File your taxes – To get ahead of scammers, file your taxes early before criminals have a chance to file in your name. Fraudsters tend to target people who haven’t filed their taxes, so don’t wait to file to avoid a false tax filing in your name.
  2. Don’t give out personal data – Identity thieves will often try to email, call, or text you with messages linking to a phony government website, in order to coerce you into sharing personal data. But when the IRS and other government agencies need to contact a taxpayer, the first contact is normally by a letter delivered by the U.S. Postal Service, according to the IRS’ website.The IRS doesn’t typically initiate contact with taxpayers by email, nor does it send text messages or contact through social media channels. In any case, do not share your address, Social Security Number or any other Personally Identifiable Information over the phone if you have not received written confirmation from the IRS that they are trying to contact you.
  3. Check the original source – If you do receive an email from an unknown source, it’s best not to open it at all. But if you do, do not click on links or attachments in the body of the email before checking that it’s from an authentic source. The easiest way to spot a fake email is to look closely at the email address it’s sent from. It should not just match the name of the person reaching out to you, but also easily identify the organization they are with. If you are still unsure, go directly to the source by typing the entity’s web address in the browser and use their “contact us” page.
  4. Follow basic cyber hygiene – It only takes a few small, but highly impactful, steps to avoid inadvertently granting access to your personal information. These steps may be familiar, but people often ignore them out of convenience. They include:
  • Avoid connecting to public wifi
  • Enacting two-step verification password protection
  • Don’t save credit card information for autofill on devices
  • Review bank and credit card statements thoroughly
  • Be wary of any unprompted messages regarding or requesting personal information

Identity thieves and fraudsters are relentless and have aggressively stepped up their efforts during the pandemic. More tips for staying protected against identity theft can be found on the Identity Theft Resource Center’s (ITRC) website.

SAS infographic