Hackers Use Info from IRS Systems to File Phony Tax Returns
May 28, 2015
Tax fraud has seen an enormous surge in recent years with many of the one billion records compromised in data breaches in 2014 put to use in this way. This week, the U.S. Internal Revenue Service acknowledged that cyber crooks were able to access prior years’ tax returns for more than 100,000 taxpayers through the agency’s “Get Transcript” service. Like the fraud perpetrated on Starbucks’ mobile accounts recently, stolen passwords or other information was used to either open or takeover “Get Transcript” accounts, from which detailed tax information was used to file fraudulent tax returns for unsuspecting taxpayers.
“These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer,” the IRS said in a statement on its Website.
Once a fraudster had access to a “Get Transcript” account, they could pull data directly from old tax returns and use it to file new bogus returns for an existing taxpayer.
The IRS said it identified suspect activity in mid-May and has temporarily shut down the Get Transcript application. The agency said the attempts to create or access “Get Transcript” accounts “were quite complex in nature and appear to have started in February and ran through mid-May.”