Tax day is a date that few consumers look forward to. However, there is one group that’s counting down the days, hours and minutes: fraudsters.
As Tax Day looms near, some taxpayers will be shocked to learn their refunds were already sent to a fraudster.
Tax fraud costs the U.S. government as much as $450 billion per year, according to recent estimates by the Internal Revenue Service, and it’s only expected to rise.
Tax-related identity theft occurs when someone uses a stolen Social Security number to file a tax return claiming a fraudulent refund. Learn how identity-theft-based tax fraud has gotten worse and why it is very similar to account takeover fraud.
Large Scale Tax Fraud Incidents
Tax fraud has existed since the creation of taxes. Sadly, the advent of digital filing services has made fraud even more prevalent. Here are just a few of the major tax fraud incidents in only the last five years:
- In February 2015, TurboTax delayed its state e-filing tax return services due to security concerns. TurboTax explained that its data had not been compromised, but instead, fraudsters had stolen identity information and used it to file fraudulent returns.
- In May 2015, the Internal Revenue Service (IRS) revealed that identity thieves potentially gained access to approximately 390,000 taxpayer accounts during the period of January 2014 through May 2015 through its “Get Transcript” web application.
- In February 2016, the U.K. press reported that fraudsters initiated a fake email scheme to file 17,000 fraudulent or incorrect repayment claims with Her Majesty’s Revenue and Customs, potentially worth up to £100 million in total.
- In February 2016, the IRS identified and halted an automated attack upon its Electronic Filing PIN application on IRS.gov. Identity thieves stole personal data outside the IRS and used software to generate E-file PINs for stolen Social Security numbers. An E-file PIN is used in some instances to electronically file a tax return.
How Fraudsters Use Tax Information
It’s unfortunate that what makes it convenient for individual taxpayers to file and receive their tax returns also makes it easier for identity thieves to do the same thing.
Fraudsters prefer to file early because it’s easier for them to operationalize all of the stolen information (names, dates of birth, Social Security numbers).
Basically, they’re eager to use that information to steal other people’s tax refunds. It’s very similar to the account takeover fraud that we’re used to in the private sector.
Tax Fraud Similarities to Account Takeover Fraud
The first step a fraudster takes in an account takeover is to acquire a customer’s personal identification information.
Some common ways that fraudsters steal account and personal information include:
- Purchasing credentials via dark web sites
- Searching social media or publicly available databases
- Conducting a phishing scam through email or messaging services
- Leveraging malware to install keyloggers to collect all data
- Using a brute force password cracking tool
The worst part? This is all automated, so it happens on a huge scale.
Like tax fraud, when it comes to new transactions, fraudsters prefer to operate within email accounts they fully control. If they are taking over an existing email account, they will use what is already there to exploit relationships for financial gain. Why? Because using a compromised email address to set up new accounts can alert the consumer to unauthorized activity.
Once the fraudster acquires enough personal information, such as billing address, credit card number, or social security number, they will try to access the account and change the contact information. By changing contact information, the fraudster locks the real customer out of the account.
Depending on the business, this time allows fraudsters to place fraudulent orders, create new accounts, and cause general havoc.
Protecting Yourself and Your Customers
Tax fraud is mainly caused by identity theft. Here are four ways you can educate your customers and protect your own business:
Don’t Use Your Social Security Number: You cannot get a new social security number, even if it’s been compromised. Protect yourself by requesting an IP-PIN from the IRS.
Beware of Risky Communications: The IRS only communicates through the U.S. Mail. Don’t trust emails or phone calls from anyone claiming to be from the IRS.
Use a Unique and Secure Password: Using a unique and secure password on every service is Information Security 101. Of course, don’t share your password or social security number with anyone.
Protect your personal information and that of any dependents: Don’t routinely carry Social Security cards, and make sure your tax records are secure.
How We Fight Back
To identify potentially compromised email accounts, we look for behavior changes around how the email is used in transactions.
There are certain signals from our network which can indicate if an email address has been potentially compromised. The biggest is if the email address has been part of any large-scale data breaches. Second is velocity activity – has there been an uptick in the number of transactions in a given timeframe?
Above all, we count on our network members to report suspected events associated with that email to raise key risk indicators.
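The three signals described above (breach exposure, a transaction velocity uptick, and network member reports) can be combined per email address as in the following added example, which is not our production code. The 24-hour window, the 3x ratio, the minimum count, the weights and all names and sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # assumed "given timeframe"
UPTICK_RATIO = 3.0             # assumed: recent count >= 3x the historical per-window rate
MIN_RECENT = 3                 # assumed floor so one or two transactions never trigger
WEIGHTS = {"breach_exposure": 40, "velocity_uptick": 30, "member_report": 50}  # assumed

def velocity_uptick(timestamps, now):
    """True when transactions in the last WINDOW outpace the address's own history."""
    cutoff = now - WINDOW
    recent = [t for t in timestamps if cutoff < t <= now]
    older = [t for t in timestamps if t <= cutoff]
    if len(recent) < MIN_RECENT:
        return False
    if not older:
        return True  # burst on an address with no prior history
    # Average transactions per WINDOW over the historical span (at least one window).
    windows = max((cutoff - min(older)) / WINDOW, 1.0)
    return len(recent) >= UPTICK_RATIO * (len(older) / windows)

def assess(email, transactions, breached, reported, now):
    """Return (score, signals) for one email address."""
    signals = []
    if email in breached:
        signals.append("breach_exposure")
    if velocity_uptick(transactions.get(email, []), now):
        signals.append("velocity_uptick")
    if email in reported:
        signals.append("member_report")
    return sum(WEIGHTS[s] for s in signals), signals

# Constructed sample data (not real addresses or events).
NOW = datetime(2024, 4, 10, 12, 0)
TRANSACTIONS = {
    # one transaction a week, then six in the last six hours
    "alice@example.com": [NOW - timedelta(days=d) for d in (28, 21, 14, 7)]
                         + [NOW - timedelta(hours=h) for h in range(1, 7)],
    # steady four a day for ten days: busy, but no change in behavior
    "bob@example.com": [NOW - timedelta(days=d, hours=h)
                        for d in range(10) for h in (1, 6, 12, 18)],
}
BREACHED = {"alice@example.com"}
REPORTED = {"carol@example.com"}

if __name__ == "__main__":
    for addr in ("alice@example.com", "bob@example.com", "carol@example.com"):
        print(addr, assess(addr, TRANSACTIONS, BREACHED, REPORTED, NOW))
```

Comparing each address against its own history is what keeps a consistently busy address from being flagged while a quiet one that suddenly becomes active is.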
Identity theft is a pain; preventing fraud doesn’t have to be. See how a Fortune 100 financial institution saved $20 Million in prevented fraud.