Cyber criminals are manipulating IRS online resources to steal tax refunds.–PC Pitstop.
Guard Your Tax Refund Against Cyber Thieves
by Fox Van Allen for Techlicious
Are you an American? Have you signed up for an account at IRS.gov? If not, you should take action and do so right away. Krebs on Security is reporting that criminals are fraudulently creating accounts in taxpayers’ names to further a scheme to steal tax refunds.
The IRS’s process for verifying people requesting transcripts is vulnerable to exploitation by fraudsters because it relies on static identifiers and so-called “knowledge-based authentication” (KBA) — i.e., challenge questions that can be easily defeated with information widely available for sale in the cybercrime underground and/or with a small amount of searching online.
To obtain a copy of your most recent tax transcript, the IRS requires the following information: The applicant’s name, date of birth, Social Security number and filing status. After that data is successfully supplied, the IRS uses a service from credit bureau Equifax that asks four KBA questions. Anyone who succeeds in supplying the correct answers can see the applicant’s full tax transcript, including prior W2s, current W2s and more or less everything one would need to fraudulently file for a tax refund.
Earlier this year, Techlicious reported a sharp increase in fraudulent tax filings. In the most common scheme, a criminal creates an IRS.gov account in the victim’s name. They then access the victim’s 2013 tax return to accurately list their employer and salary on a fraudulent 2014 return. That return is e-filed with a request for an artificially inflated tax refund. The stolen cash is direct deposited into the account of a naive mule recruited off of Craigslist, who is tricked into sending the money to Nigeria via Western Union money orders.
Making matters worse, having your IRS account in the hands of criminals also makes it more difficult to report the fraud to police and financial institutions in a timely manner. Per IRS policy, fraudulent transfers are only reported to law enforcement after the filing of forms and the conclusion of the resulting investigation. Having access to your IRS.gov account allows you to obtain the routing number and account number the criminal used, letting you report the crime yourself.
Here are five ways filers can protect their tax information and refunds from getting stolen:
(US News & World Report)
1. Have your refund direct deposited.
2. Take your tax conversations offline.
3. File as soon as possible.
4. Track your refund.
5. Get an identity protection PIN.
230 total views, 1 views today