Light Dark
April 14, 2015 By Brooke Satti Charles 3 min read
Fraud Protection
Government
Risk Management

Are you one of the many Americans who wait until the last minute to file their state and federal taxes? Do you often push the April 15 filing deadline? As the final stretch of tax season comes to a close, many unlucky Americans may find themselves the victims of tax refund fraud.

Stolen identity tax refund fraud takes place when someone willfully and intentionally files a tax return electronically using another person’s identity to fraudulently collect funds, made possible by flaws in the current IRS system. All that is required to file a return electronically is a victim’s date of birth and Social Security number. Additionally, the IRS starts to accept returns on Jan. 1, while companies are not required to send their filing information in until March. The problem remains because the IRS does not compare employer filings to employee filings until the middle of the summer.

How Does the Scam Work?

In order to pull off this type of scam, the fraudster must first get a hold of personally identifiable information (PII) of potential victims. PII includes a victim’s Social Security number and date of birth. With recent health care data breaches, more Americans are at risk of stolen identity tax refund fraud than ever before.

Fraudsters will use stolen PII to file a return in the victim’s name electronically early in the season. By filing it early, the fraudster has a higher chance of receiving the refund before the victim has started to file his or her return information and becomes aware any fraudulent activity has already taken place in his or her name.

Advances in technology such as e-filing systems make for a faster and simpler filing process for everyone — including fraudsters. They simply need a Wi-Fi connection, a laptop and the partial PII of potential victims. Some smartphones even have an app to file tax returns.

A fraudster can submit multiple phony refund filings in a day by simply fabricating a victim’s income, submitting the information electronically and requesting the refund be sent to his or her address or put on a prepaid debit card.

Case Examples of Tax Refund Fraud

A woman and her daughter were arrested in Raleigh, North Carolina, for filing fraudulent returns over a six-year period and pocketing an estimated $1.4 million. According to the Carolina Journal Online, the fraud involved fabricated identities, phony W-2 earnings statements and the listing of dependents who did not exist.

In a much larger case, a 75-year-old man from Fort Lee, New Jersey, was sentenced to 17 months in prison for filing fraudulent returns. According to the U.S. Department of Justice, U.S. Attorneys and the IRS celebrated the takedown of the scheme, which apparently involved the filing of more than 8,000 fraudulent federal returns claiming more than $65 million in fraudulent refunds. The losses to the United States totaled more than $12 million.

What Happens if You Are a Victim?

If you find yourself a victim of stolen identity tax refund fraud, notify the IRS Identity Protection Specialized Unit immediately. You will also need to fill out the IRS Identity Theft Affidavit (Form No. 14039).

Additionally, the IRS recommends victims take the following steps to ensure their safety:

  • Report incidents of identity theft to the Federal Trade Commission.
  • File a report with the local police.
  • Contact the fraud departments of the three major credit bureaus: Equifax, Experian and TransUnion.
  • Close any accounts that have been tampered with or opened fraudulently.

What Is Law Enforcement Doing About It?

The IRS has a skilled team of investigators who are leading the agency’s effort to combat the threat. The IRS has identified flaws in its online e-filing system and is working toward making the necessary changes. According to the FBI, the IRS is continuing to make enhancements in fraud prevention, early detection and victim assistance. Additionally, the FBI is teaming up with the IRS, U.S. Secret Service and banks to follow the money and identify criminal organizations that are engaged in tax refund fraud.

How Can You Prevent Yourself From Becoming a Victim?

While you won’t be able to prevent a large PII breach, you can take the following simple steps to protect yourself:

  • Keep your Social Security card secure at all times. Don’t carry it around in your wallet or leave it in plain sight. Treat your Social Security card as you would any valuable you own.
  • Always keep your financial information protected.
  • Run a credit report on a biannual or annual basis.
  • Protect your computers by keeping your antivirus system up-to-date, using firewalls, changing passwords routinely and not opening suspicious emails.
  • Never provide personal information over the phone nor through mail or email unless you initiated the contact and you are positive you know the person to whom you are providing it.
 |  |  |  |  |  |  |  |  | 
Brooke Satti Charles
Financial Crime Prevention Strategist, IBM Security

More from Fraud Protection
October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

August 23, 2023

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

August 17, 2023

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature