Nothing is certain but death, taxes and identity theft.

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.datalossdb.org/incident_highlights/58-nothing-is-certain-but-death-taxes-and-identity-theft

2013-03-12 by eabsetz

As we are well into tax season, there has been a trend of articles in
the news involving identity theft and tax fraud. Individuals are
stealing information from various sources, which are not only
businesses, but also straight out of mailboxes in order to commit
identity theft and file false tax returns. Some of these criminals
have been reported to net as much as $11 million with their schemes
before being caught. 641,690 incidents had been identified by the IRS
as of September 30, 2012.

Each of these incidents are a concern. However, all are not reported
in DatalossDB as we require data loss incidents to have a steward
organization. Therefore, we submit only to our database the schemes
where personal data is stolen from an organization or business, but
discard those where the data is stolen out of mailboxes as they don’t
fit our requirements.

Here are some snippets of the latest cases we have seen in the news;
these cases include both ones DatalossDB would and would not catalog.
There seems to be a trend in state employees and tax preparers
stealing information to file false tax returns themselves or to sell
the personal information to others.

In one case in Alabama, a state employee obtained identification
information from a state database from October 2009 until April 2012.
That is two and a half years in which she went undetected while
working with co-conspirators to file over 1,000 false tax returns and
receiving fraudulent returns totaling $1.7 million.

In Los Angeles County, the Department of Public Social Services had an
employee, who as a receptionist had access to the systems to input
data and assistance requests. She took screenshots of 132 applicants’
PII (Personally Identifiable Information), and with the help of her
husband and friends filed 65 tax returns in 2011 netting a total of
$357,704.90 in fraudulent claims.

In Silver Spring, MD, two brothers running a tax service together
stole identities from Puerto Rican residents to submit fraudulent
claims through their business. They filed 13 false returns totalling
$43,264.

Another tax preparer used information of previous clients and deceased
persons in order to defraud the IRS and taxpayers for over $200,000
from 2003 to 2008.

The largest case we've seen, which is currently awaiting sentencing,
took place in Fort Lauderdale and involved the filing of around 2,000
false tax returns from October 2010 until June 2012. This particular
identity theft tax fraud scheme pulled in over $11 million.

To many, this might seem like a great way to make money. Here are some
of the punishments that have or will befall these criminals. If
convicted, the Alabama state employee is facing 20 years for each wire
fraud count, 10 years for each computer fraud count, 10 years for
conspiracy to file false claims, 2 years for aggravated identity
thefts, fines, and mandatory restitution. The tax preparer, who used
client and deceased persons information, was sentenced to 60 months in
prison and paying full restitution amounting in excess of $200,000. As
for the case where the scheme pulled in around $11 million, one of the
women involved is looking at possibly being sentenced to 351 years.
That is around 6 lifetimes of prison!

The IRS is taking action in response to the increase in tax related
identity theft over the last few years. They have activated new
identity theft filters, and are working with over 130 financial
institutions to help identify identity theft schemes. The IRS has also
trained over 35,000 people, who have direct contact with taxpayers, in
ways to help identify red flags associated with identity theft, and
they have doubled the employees in their tax related identity theft
department.

Multiple resources including the IRS are recommending a few things to
help keep your identity safer. Make sure that you do not carry your
Social Security card around in your wallet or purse; if you do, take
it out and place it somewhere secure. In fact, it is a good idea to
take any documents containing personal information and secure them in
your home. Many businesses ask for your Social Security number, even
if it is not mandatory information. It is best to not automatically
provide it every time you are asked. Never give out your personal
information over the phone or email; the IRS does not contact
taxpayers either way to acquire information. Monitoring your credit
report on a regular basis can help to identify identity theft,
hopefully before the loss becomes severe.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.