Last year someone attempted to file a fraudulent tax return in my parents' names. Luckily the IRS notified them before processing the refund and they avoided a huge pain in the rear (though it was not without difficulties).

Today, my elderly mother called to say she got a letter from Vanguard indicating that someone tried three times, unsuccessfully, to access their online account.

A cursory review of the identity theft protection services (e.g., Lifelock) suggests they couldn't have stopped either. But, I wonder if they should sign up for one nonetheless. What else can my parents do to protect themselves?

Thanks in advance.

Sorry.

Good Luck

2 step authentication <-- many sites have that and even if the bad dudes get the password right the second question is almost impossible to answer w/o knowing the person way too close, specially when the answer to the question is not the obvious one.

Would be good to have your parents in any of those protection plans just to play safe, suckers are beating the crap out of old people and that plain sucks.

Last year someone attempted to file a fraudulent tax return in my parent's names.

I blame the IRS for this (in part) because in the past it's been so easy for the bad guys to file fake returns with very little required to prove that they were legitimate. It would be so easy for the IRS to require information from several previous returns, stuff that the fraudsters are much less likely to know, unless they had insider access.

Ok I know it's probably stupid but why would you file a tax return in someone else's name?? Are you trying to cash in on some sort of refund or what's the payoff ??

They file a false tax return in another person's name and claim a large refund. The refund is sent to a PO box and the crooks get away with free money.

Two step authentication on financial accounts AND email accounts is a good first step. It seems obvious for financial accounts but if hackers can break into your email account (gmail, hotmail, yahoo etc) they can mine a lot of data about you so protect those also.

Assume that in the recent spate of break-ins hackers have your username and password for at least one site. If you use the same username and password for all sites, they can just sit there trying various financial sites with your username and password and eventually break in. So, don't reuse passwords. To help your parents go over and review their accounts and make sure they don't reuse any passwords and that passwords are reasonably complex.

Password managers such as Lastpass are valuable but for the computer impaired they can be a bit of a stretch to set up and manage. You could install Lastpass just to run their security check and see how exposed your parents are. Then decide what to do next.