Archive

Go to:

October 2017
SMTWTFS
1234567
891011121314
15161718192021
22232425262728
293031
< Sep Nov >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Phishing Victims Muddle Tax Fraud Fight
Friday, March 25, 2016 6:40 AM

A Thursday article in Krebs on Security warns that more stringent controls enacted by the Internal Revenue Service, designed to block fraudulent tax refund requests filed by identity thieves, may delay U.S. citizens' tax returns. Adding to the backlog is a steady drip of corporate data breaches involving phished employee W-2 information and an apparent mass adoption by ID thieves of professional tax services for processing large numbers of phony refund requests.

According to data released this week by anti-fraud company Iovation, the IRS is taking up to three times longer to review 2015 tax returns compared to past years.

Julie Magee, commissioner of Alabama’s Department of Revenue,  said much of the delay this year at the state level is likely due to new “fraud filters” the states have put in place with Gentax, a return processing and auditing system used by about half of U.S. state revenue departments. If the states can’t outright deny a suspicious refund request, they’ll very often deny the requested electronic bank deposit and issue a paper check to the taxpayer’s known address instead.

“Many states decided they weren’t going to start paying refunds until March 1, and on our side we’ve been using all our internal fraud resources and tools to analyze the tax return before we even put it in the queue,” Magee said. “That’s delaying refunds nationwide for the IRS and the states, and it’s pretty much going to also mean a helluva lot of paper checks are going out this year.”

The added fraud filters that states are employing take advantage of data elements shared for the first time this tax season by the major online tax preparation firms such as TurboTax. The filters look for patterns known to be associated with phony refund requests, such how quickly the return was filed, or whether the same Internet address was seen completing multiple returns.

Magee said some of the states have been adding new fraud filters nearly every time they learn of another big breach involving large numbers of stolen or phished employee W2 data, a huge problem this tax season that is forcing dozens of companies large and small to disclose data breaches over the past few weeks.

Most states didn’t start processing returns until after March 1, which is exactly when a flood of data breaches related to phished employee W2 data began washing up. As KrebsOnSecurity first warned in mid-February, thieves have been sending targeted phishing emails to human resources and finance employees at countless organizations, spoofing a message from the CEO requesting all employee W2’s in PDF format.

Over the past week alone, KrebsOnSecurity has heard from employees at a broad range of organizations that appear to have fallen victim to W2 phishing scams, including some 28,000 employees of the market research giant Kantar Group; and 17,000+ employees of Sprouts Farmer’s Market

Magee said Alabama and other states are dealing with a huge spike this year in fraudulent refund requests filed via criminals who use online software firms that specialize in selling e-filing services to tax professionals.

For more on this story, please visit KrebsOnSecurity.com.

Ensure your credit union is protected. Contact Credit Union Resources to find out how we can help you manage cybersecurity and operational risks:

Idrees Rafiq
469-385-6799
800-442-5762, ext. 6799
irafiq@curesources.coop

Deanna Brown
469-385-6464
800-442-5762, ext. 6464
dbrown@curesources.coop