Do you pay taxes to the government of the USA? If yes, then you, yes you, need to do something very important. I have mentioned this topic elsewhere, but I’m going to try to be very clear and direct here.

You are in danger of serious problems with the Internal Revenue Service. To reduce this peril, you must go to the IRS’s web site (http://www.irs.gov) and you must request a transcript. Do this. Do it now.

The specific page is http://www.irs.gov/Individuals/Get-Transcript but feel free to find it yourself just to be sure.

Now, what exactly is the problem and how does this solve it?

The clearest description of the problem is from the ever excellent Brian Krebs at krebsonsecurity.com. The entire problem is actually neatly summarized in the title of this lucid article:

Sign Up at irs.gov Before Crooks Do It For You

You can go read that, but here’s a summary of the problem.

  1. Bad guy requests an IRS transcript in your name.

  2. IRS "authenticates" bad guy as you by asking for some information which is easily available from credit reports.

  3. Bad guy now has your tax history, SSNs of family, etc., everything needed to file a tax return as you.

  4. Bad guy synthesizes a plausible return and changes address to a money mule.

  5. Even if you really owed money, the bad guy engineers a maximal refund, which is sent out.

  6. You prepare and send in your legitimate tax return unaware of any of this activity.

  7. Very nasty surprise when the IRS rejects your return and accuses you of tax fraud.

I just signed up last night, and yes, step #2 was absurd. Really, anyone who knew my SSN (landlord, dentist, etc., etc.) could have easily guessed their way through the (multiple choice) questions. This is especially true at some place like the dentist where they know what my normal payment method is. Without going into too much detail, how hard would it be to guess that I do not have a bank account at Crédit Agricole in France?

As Krebs says, sign up before someone else does! I shouldn’t have to say it, but obviously, use a very good password. Do not use a password that you use elsewhere. One problem I had and saw that others had was that a password like z9Vnu'7dx'uj8v is invalid. The reason is that when the password requirements say "special characters", they mean only the ones they list. That list doesn’t include apostrophes, so they are invalid. Other than that, it should make sense.

Let’s review. Go to the IRS. Sign up for an account to request a transcript for yourself. You don’t care about the transcript, but you’re trying to protect that information in the future. This isn’t some faraway problem that can’t happen to you. I work with someone who was hit with this and it sounds like a complete nightmare. Good luck!

Update: Still not scared? I work with a lot of students and young people. I just personally witnessed an "authentication" session where the person did not have an extensive credit history to draw upon. All of the questions were clearly absurd for this person ("Which bank did you open a small business line of credit account with?"), and all answers were "none of the above".

UPDATE 2016-06-22: It seems the IRS is re-enabling transcripts. But you must have a cell phone contract, which seems pretty harsh (and not even especially effective) for people who avoid them as security liabilities themselves.