According to a recent report of the Treasury Inspector General for Tax Administration (TIGTA), the IRS failed to notify 458,658 people who the IRS had determined were victims of “employment identity theft” which occurs when someone steals a person’s Social Security number and uses it in order to secure employment. Illegal aliens have used this technique for years. This type of identity theft can pose problems for the victim because additional taxes may be computed by the IRS due to the reported income of the identity thief. In addition, the false wage information can pose a problem in regard to calculating Social Security benefits or even the claiming of Social Security benefits. The IRS has recognized the problem and is taking steps to correct it and notify victims of employment identity theft in the future, but for now, the burden is on all of us to take the steps necessary to determine as soon as possible if we have become victims of this crime.
TIPS
One effective way to monitor whether you have become a victim of employment identity theft is through the establishment of a My Social Security online account which is something everyone should do even if they are not receiving Social Security benefits in order to protect themselves from someone claiming Social Security benefits in your name. The Social Security Administration (SSA) has a helpful online service called My Social Security Account which allows you to set up a personal online account with the SSA that enables you to view your earnings history and estimates of benefits as well as manage your benefits online including changing your address or starting or changing direct electronic deposits of your check into a bank account you may designate. Being able to see your earnings history will help you recognize if you have become a victim of employment identity theft. 
While the My Social Security Account is a convenient service, it also provides a great opportunity for scammers who have been setting up My Social Security Accounts on behalf of people who have not already set up such accounts for themselves.  The scammers then make changes to the victim’s account by directing their benefits checks to be sent to bank accounts controlled by the scammers.  Even though  the Social Security Administration requires verification of personal information by asking questions that only the Social Security recipient should know as part of the process for opening a My Social Security Account, too often this information is available to a determined identity thief who is thereby able to fraudulently open an account in the name of their intended victim. In the wake of the Equifax data breach, this risk is very much increased.
In order to improve the security of the accounts, the SSA is now requiring people to use dual factor authentication to access their accounts once they have been set up.   At the user’s option, the dual factor authentication is done by the SSA sending a one time code either to the user’s email or cell phone although a scammer can merely provide his or her own phone number. Using an email address for dual factor authentication may also prove to be problematic because it is not particularly difficult for a sophisticated hacker to gain access to someone’s email account.
Just as the best defense against income tax identity theft is to file your income tax return before an identity thief attempts does so in your name, so the best defense against the fraudulent setting up of a My Social Security Account in your name is for you to set one up first and protect its safety with a strong username and password. For information about signing up for a My Social Security Account go to https://ssa.gov/myaccount/
In addition, as a further protection, you can also require that any changes to the bank account into which your check is electronically deposited only be done at a Social Security branch office and not on your online account.