These types of information-gathering scams can also work via email. Your best bet for keeping your identity safe in the future is to refuse to respond to any online requests for personal information that claim to come from the IRS, since the IRS doesn’t operate that way. The above article is intended to provide generalized financial information designed to educate a broad segment of the public; it does not give personalized tax, investment, legal, or other business and professional advice. Before taking any action, you should always seek the assistance of a professional who knows your particular situation for advice on taxes, your investments, the law, or any other business and professional matters that affect you and/or your business.
The good news is the IRS Criminal Investigation Division has helped convict almost 2,000 identity thieves. This product was produced by Identity Theft Resource Center and supported by grant number 2014-XV-BX-K003, awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions or recommendations expressed in this product are those of the contributors and do not necessarily represent the official position or policies of the U.S.
Customers don’t need to take further action at this time, the company said. Not only have the fraudsters shifted from attacking the IRS to robbing state coffers, but the methods they use to steal taxpayer data also are evolving.
Intuit Inc. has been sued by several high profile plaintiffs’ lawyers alleging that the company’s lax security protections in TurboTax software helped enable fraudulent tax returns. This year’s tax filing season got off to a bad start with huge security concerns that stopped TurboTax state filings for days and then spread to federal filings. A written notice from the IRS may be your first indication of a problem. Identity thieves file fraudulent returns early; when you file after the IRS gets a return that carries your SSN, the IRS alerts you in writing. The agency also contacts suspected identity theft victims when their SSN matches that of a “taxpayer” who owes money or gets a refund that covers taxes due when it has no return on file.
What Is Identity Theft?
Securities and Exchange Commission, alleging that the company routinely placed profits ahead of ethics. Nevertheless, a number of organizations specialize in selling access to EINs.
Credential stuffing is easy to accomplish, regardless of the criminal’s level of technology know-how. Entire databases of compromised records are available for sale on the dark web, meaning anyone with the means can simply purchase login credentials and use them to steal information from other accounts.
Public companies publish their EINs on the first page of their annual 10-K filings with the Securities and Exchange Commission. Still, EINs for millions of small companies here in the United States are not so easy to find, and many small business owners probably treat this information as confidential. Magee said ACTR also protested that tax prep firms like Intuit couldn’t legally share certain information about their customers with the states and the IRS. I handle tax matters across the U.S. and abroad (), addressing tax problems, tax disputes, writing tax opinions, tax advice on legal settlements, transactions, crypto, and many other matters. Intuit, the Intuit logo, checkmark design, TurboTax, EasyStep, QuickBooks, and ItsDeductible among others, are registered trademarks or service marks of Intuit Inc. in the United States and other countries.
Ms. Diaz last used TurboTax in 2011, when she used the online version of the software to file her joint return. But in March 2015, before filing her tax return, she received a bill for $242 from TurboTax for supposedly filing a federal tax return through the software, along with state returns in Michigan, Missouri, Ohio and Oklahoma.
They hope to represent a nationwide class of TurboTax customers (like Ms. Diaz) who had personal data stolen. They are even aiming for a second nationwide class of non-customers (like Ms. Fugatt) who were victims of fraudulent tax returns filed in their name through TurboTax. The lawsuit was filed in federal court in San Francisco by two women claiming they were hurt by TurboTax.
- Between 2015 and 2019, the number of taxpayers reporting they were identity theft victims fell 80%.
- You can report identity theft through the website or by contacting the Federal Trade Commission by phone at .
- Other parties’ trademarks or service marks are the property of their respective owners.
- Picking the app you want comes down to two main factors – quality and price.
Securely access your account by entering your password and a unique single–use–code (we’ll send your trusted device or email address) or answer a series of questions. Your one–of–a–kind fingerprint password gives you access to your account on your smart phone, using your TurboTax app. TurboTax works hard to safeguard your information so you can file your taxes confidently.
#3 Report False Tax Returns Filed In Your Name
Together, they are accused of operating a $14.3 million identity theft and tax fraud scheme. The IRS has responded to the problem of tax ID theft partly by offering Identity Protection PINs to affected taxpayers that must be supplied on the following year’s tax application before the IRS will accept the return. However, consumers still have to request an IP PIN byapplying for one at the agency’s site, or by mailing in form 14039.
According to NJ.com, the money from the scams was used to support members of the 111 Neighborhood Crips and to aid other gang members who were in jail or prison. Perhaps in response to the IRS’s increasing ability to separate phony returns from legitimate ones, crooks last year massively focused on filing bogus refund requests with the 50 U.S states. To head off a recurrence of that trend in the 2016 filing season, the states and the IRS have hammered out an agreement to examine more than 20 new data elements collected by online providers like TurboTax and H&R Block.
Kodukula explained that traditionally most of the bogus refund requests were the result of what the company calls “stolen identity refund fraud” or SIRF. Kodukula cast Intuit as an industry leader in helping the IRS identify and ultimately deny suspicious tax returns. But that portrayal only tells part of the story, according to two former Intuit employees who until recently each held crucial security positions helping the company identify and fight tax fraud. Both individuals described a company that has intentionally dialed back efforts to crack down on SIRF so as not to lose market share when fraudsters began shifting their business to Intuit’s competitors. Kodukula noted that although the incidence of hijacked, existing TurboTax accounts was rapidly growing, the majority of refund scams the company has to deal with stem from “stolen identity refund fraud” or SIRF. When tax scammers file a fraudulent refund request, they usually take advantage of a process called a refund transfer. That allows the third party firm that helped prepare and process the return for filing (e.g. TurboTax) to get paid for their services by deducting the amount of their fee from the refund.
Unfortunately, the IRS also paid $5.8 billion that year for refund requests later determined to be fraud. The GAO noted that because of the difficulties in knowing the amount of undetected fraud, the actual amount could far exceed those estimates. Last week, KrebsOnSecurity published an exclusive interview with Indu Kodukula, Intuit’s chief information security officer. Kodukula explained that customer password re-use was a major cause of a spike this tax season in fraudulent state tax refund requests. The increase in phony state refund requests prompted several state revenue departments to complain to their state attorneys general.
As The Wall Street Journal noted in a story this week, competitors H&R Block and TaxAct say they haven’t seen a similar surge in fraud this year. But with 29 million customers last year — far more than H&R Block or TaxAct — TurboTax should also be leading the industry in security. Julie Magee, Alabama’s chief tax administrator, said the state/IRS task force opted not to disclose all 20 of the data elements they will be collecting from tax prep firms.
Most states didn’t start processing returns until after March 1, which is exactly when a flood of data breaches related to phished employee W2 data began washing up. As KrebsOnSecurity first warned in mid-February, thieves have been sending targeted phishing emails to human resources and finance employees at countless organizations, spoofing a message from the CEO requesting all employee W2’s in PDF format. The IRS is well aware that tax fraud has exploded, and e-filing is one of the enablers. The complaint includes some impressive IRS statistics, including the jump in suspected electronic tax fraud.
In February, KrebsOnSecurity publishedexclusive interviews with two former TurboTax security professionalswho accused TurboTax of making millions of dollars knowingly processing state and federal tax refunds filed by identity thieves. Magee said the Gentax software assigns each tax return a score for “wage confidence” and “identity confidence,” and that usually fraudulent tax refund requests have high wage confidence but low — if any — identity confidence. That’s because the fraudsters are filing refund requests on taxpayers for whom they already have stolen W2 information. The identity confidence in these cases is low often because the fraudsters are asking to have the money electronically deposited into an account that can’t be directly tied to the taxpayer, or they have incorrectly supplied some of the victim’s data. The added fraud filters that states are employing take advantage of data elements shared for the first time this tax season by the major online tax preparation firms such as TurboTax. The filters look for patterns known to be associated with phony refund requests, such how quickly the return was filed, or whether the same Internet address was seen completing multiple returns. The lawyers for the plaintiffs include Richard McCune of McCuneWright in Redlands, California; Michael Sobol of Lieff, Cabraser, Heimann & Bernstein in San Francisco; and John Yanchunis of Morgan & Morgan in Florida.
Keep your passwords long and unguessable, change them routinely to avoid situations just like this one, and make sure you are not reusing your passwords on multiple sites. On the same conference call, MacDougall can be heard asking Lyons why the company wouldn’t want to use security as a way to set the company apart from its competitors in the online tax preparation industry.
Tax Bracket Calculator
According to data released this week by anti-fraud company iovation, the Internal Revenue Service is taking up to three times longer to review 2015 tax returns compared to past years. The thief uses your stolen SSN to file a fraudulent tax return early in tax season—before you’re likely to file—and then pockets the refund. File tax returns and pay your taxes even as the fraud is being resolved. When the IRS receives two different returns with the same Social Security number, the second return filed will be rejected if you e-filed or if you paper-filed you’ll get a written notice that explains that a return has already been filed. Even if you don’t get a letter from the IRS but suspect a fraudulent return has been filed with your information, you can still take action. For simple tax returns only, file fed and state taxes free, plus get a free expert review with TurboTax Live Basic. You may use TurboTax Online without charge up to the point you decide to print or electronically file your tax return.