News

Are Tax Fraudsters Hacking Online IRS Accounts?

Tax fraudsters are now using the U.S. Internal Revenue Service’s online self-service to get the information they need to file fraudulent tax returns and steal refunds, Krebs on Security reported on Monday (March 30).

The problem came to light after a reader named Michael Kasper contacted security reporter Brian Krebs to describe how, after he was unable to file his tax return through TurboTax — which said the IRS rejected the filing because a return had already been filed — he was finally able to track down where his refund had gone, a process that took more than a month.

It required contacting the IRS, paying a $50 fee to get a copy of the fraudulent tax return, contacting the bank where the refund was direct-deposited, contacting the local police department for that bank, and putting holds on his credit reports and the fake account at IRS.com that had been opened in Kasper’s name.

In fact, that account appears to have been the key for the fraudster to collect the necessary information to file the phony tax return, since the transcript he received of the fraudulent return suggested that the fraudsters had copied all the information from his previous year’s W-2 form, increasing the amounts slightly for the new return.

“Kasper said he can’t prove it, but he believes the scammers obtained that W-2 data directly from the IRS itself, after creating an account at the IRS portal in his name (but using a different email address) and requesting his transcript,” Krebs on Security reported.

“‘The person who submitted it somehow accessed my tax return from the previous year 2013 in order to list my employer and salary from that year, 2013, then use it on the 2014 return, instead,” Kasper said. “In addition, they also submitted a corrected W-2 that increased the withholding amount by exactly $6,000 to increase their total refund due to $8,936.”

While the checking account that was used to direct-deposit the refund was one that Kasper had never used, the address on the return was Kasper’s, although he received no notification of a return or refund.

In the face of increasing tax return identity fraud, in July 2014 the IRS issued new regulations that limited the number of direct-deposit refunds to three, after which a paper check would have to be sent to the street address on the return. Unfortunately for Kasper, there was only one refund involved.

——————————–

Latest Insights: 

The Which Apps Do They Want Study analyzes survey data collected from 1,045 American consumers to learn how they use merchant apps to enhance in-store shopping experiences, and their interest in downloading more in the future. Our research covered consumers’ usage of in-app features like loyalty and rewards offerings and in-store navigation, helping to assess how merchants can design apps to distinguish themselves from competitors.

1 Comment

TRENDING RIGHT NOW

To Top