BreachExchange mailing list archives
Identity thieves filing fake returns using data on real taxpayers
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 22 May 2012 09:52:06 -0400
http://www.baltimoresun.com/business/money/bs-bz-ambrose-scams-refunds-20120520,0,515219.story Victims can spend more than a year trying to clear up the mess Here's another reason to file your tax returns as early as possible: an identity thief might beat you to the money. Identity thieves are filing fake federal returns using taxpayers' Social Security numbers and claiming tax refunds worth billions of dollars. The taxpayers only find out about it when their returns are rejected by the IRS because someone already received a refund using their identity. It's a big problem — and one that's rapidly growing, according to a report this month from the Treasury Inspector General for Tax Administration. That report says 641,052 taxpayers were affected by identity theft last year, more than double the year before. IRS resources haven't kept pace with the growing fraud, and cases sometimes take more than a year to resolve, the report says. Meanwhile, victims receive confusing information from the IRS and sometimes are asked repeatedly to prove their identity. Inspector General J. Russell George testified before Congress this month that the IRS detected 940,000 fake returns for 2010 in which identity thieves attempted to gain $6.5 billion in refunds. And while the IRS catches a lot of fraud, he said, much goes undetected. An audit of 2010 returns by the inspector general found about an additional 1.5 million returns with potentially fraudulent refunds worth more than $5.2 billion. If the problem isn't addressed, he said, the IRS could dish out about $26 billion in refunds to thieves over the next five years. The IRS disputes that five-year projection, saying the inspector general doesn't take into account all the steps the agency is taking to fight fraud. But both sides agree that fraudulent returns filed by identity thieves is a serious problem. Tax experts say thieves basically need just a name and legitimate Social Security number, which is far too easy to get these days. Hospitals, doctor's offices, credit card issuers, cellphone companies, schools and all sorts of businesses collect Social Security numbers — even if they don't need them. All it takes is lax security — and there's plenty of that — or one unscrupulous employee, and thousands of Social Security numbers can wind up in the hands of criminals. Once thieves have the numbers, they can make up W-2 information or use stolen data from employers to create fake returns, tax experts say. Fraudulent returns — filed early in the tax season — claim low incomes and high tax withholdings to inflate refunds. The money is deposited directly into a thief's bank account or onto a debit card. The IRS is "just getting the refunds out right away," says Max Neil Highstein, a Lutherville accountant. It's not until after the April tax deadline that the IRS begins to match returns with 1099 forms, W-2s and other information provided by third parties, which can expose the fraud, he says. Highstein has had two tax clients with stolen identities this year. One is Bill Niermann, 59, a retired insurance agent in Timonium. Niermann says he didn't know that someone from another state had stolen his Social Security number until Highstein told him that his electronically filed return had been rejected. "I went into panic mode," he says. Niermann filed an affidavit with the IRS attesting to the theft and sent in information to verify his identity. He also put a fraud alert on his credit reports, changed passwords on "everything that had a password," canceled his credit cards and opened new ones. He says he's spent nearly his entire life in Maryland and wonders why that didn't trigger suspicions at the IRS when it received a return from another state with his Social Security number. Niermann says the IRS will be sending him an Identity Protection Personal Identification Number to use when filing his return next year. In the meantime, he's still waiting for his 2011 refund. "I'm due a $9,000 refund," he says. "God knows when I'll see it." _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Identity thieves filing fake returns using data on real taxpayers Jake Kouns (May 22)