Tax day is a date that few consumers look forward to. However, there is one group that’s counting down the days, hours and minutes: fraudsters.

As Tax Day looms near, some taxpayers will be shocked to learn their refunds were already sent to a fraudster.

Tax fraud costs the U.S. government as much as $450 billion per year, according to recent estimates by the Internal Revenue Service and it’s only expected to rise.

Tax-related identity theft occurs when someone uses a stolen Social Security number to file a tax return claiming a fraudulent refund. Learn how identity theft based tax fraud has gotten worse and why it is very similar to account takeover fraud.

Large Scale Tax Fraud Incidents

Tax fraud has existed since the creation of taxes. Sadly, the advent of digital filing services has made fraud even more prevalent. Here are just a few of the major tax fraud incidents in only the last five years:

How Fraudsters Use Tax Information

It’s unfortunate that what makes it convenient for individual taxpayers to file and receive their tax returns also makes it easier for identity thieves to do the same thing.

Fraudsters prefer file early because it’s easier for them to operationalize all of the stolen information (names, dates of birth, Social Security numbers).

Basically, they’re eager to use that information to steal other people’s tax refunds. It’s very similar to the account takeover fraud that we’re used to in the private sector.

Tax Fraud Similarities to Account Takeover Fraud

The first step a fraudster takes in an account takeover is to acquire a customer’s personal identification information.

Some common ways that fraudsters steal account and personal information include:

  • Purchasing credentials via dark web sites
  • Searching social media or publicly available databases
  • Conducting a phishing scam through email or messaging services
  • Leveraging malware to install keyloggers to collect all data
  • Using a brute force password cracking tool

The worst part? This is all automated, so it happens on a huge scale.

Like tax fraud, when it comes to new transactions, fraudsters prefer to operate within email accounts they fully control. If they are taking over an existing email account, they will use what is already there to exploit relationships for financial gain. Why? Because using a compromised email address to setup new accounts can alert the consumer to unauthorized activity.

Once the fraudster acquires enough personal information, such as billing address, credit card number, or social security number, they will try to access the account and change the contact information. By changing contact information, the fraudster locks the real customer out of the account.

Depending on the business, this time allows fraudsters to place fraudulent orders, create new accounts, and cause general havoc.

Protecting Yourself and Your Customers

Tax fraud is mainly caused by identity theft. Here are four ways can educate your customers and protect your own business:

Don’t Use Your Social Security Number: You cannot get a new social security number, even if it’s been compromised. Protect yourself by requesting an IP-PIN from the IRS.

Beware of Risky Communications: The IRS only communicates through the U.S. Mail. Don’t trust emails or phone calls from anyone claiming to be from the IRS.

Use a Unique and Secure Password: Using a unique and secure password on every service is Information Security 101. Of course, don’t share your password or social security number with anyone.

Protect your personal information and that of any dependents: Don’t routinely carry Social Security cards, and make sure your tax records are secure.

How We Fight Back

To identify potentially compromised email accounts, we look for behavior changes around how the email is used in transactions.

There are certain signals from our network which can indicate if an email address has been potentially compromised. The biggest is if the email address has been part of any large-scale data breaches. Second is velocity activity – has there been in uptick in the number of transactions in a given timeframe?

Above all, we count on our network members to report suspected events associated with that email to raise key risk indicators.

Identify theft is a pain; preventing fraud doesn’t have to be. See how a Fortune 100 financial institution saved $20 Million in prevented fraud.