Tax Refund Fraud – Page 2 – WindowsTechs.com

When Identity Thieves Hack Your Accountant

Posted on April 11, 2018 by BrianKrebs

The Internal Revenue Service has been urging tax preparation firms to step up their cybersecurity efforts this year, warning that identity thieves and hackers increasingly are targeting certified public accountants (CPAs) in a bid to siphon oodles of sensitive personal and financial data on taxpayers. This is the story of a CPA in New Jersey whose compromise by malware led to identity theft and phony tax refund requests filed on behalf of his clients. Continue reading When Identity Thieves Hack Your Accountant→

San Diego Sues Experian Over ID Theft Service

Posted on March 23, 2018 by BrianKrebs

The City of San Diego, Calif. is suing big three consumer credit bureau Experian, alleging that a data breach first reported by KrebsOnSecurity in 2013 affected more than a quarter-million people in San Diego but that Experian never alerted affected consumers as required under California law.

The lawsuit, filed by San Diego city attorney Mara Elliott, concerns a data breach at an Experian subsidiary that lasted for nine months ending in 2013. As first reported here in October 2013, a Vietnamese man named Hieu Minh Ngo ran an identity theft service online and gained access to sensitive consumer data held by Experian’s subsidiary by posing as a licensed private investigator. Continue reading San Diego Sues Experian Over ID Theft Service→

IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Posted on February 19, 2018 by BrianKrebs

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.”

In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They’ll call taxpayers who’ve had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency.

This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had “a good number of customers” who had large sums deposited into their bank accounts at the same time. Continue reading IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts→

File Your Taxes Before Scammers Do It For You

Posted on January 29, 2018 by BrianKrebs

Today, Jan. 29, is officially the first day of the 2018 tax-filing season, also known as the day that fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can!

Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS. Continue reading File Your Taxes Before Scammers Do It For You→

Name+DOB+SSN=FAFSA Data Gold Mine

Posted on November 24, 2017 by BrianKrebs

KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most eye-opening example of this is on display at fafsa.ed.gov, the Web site set up by the U.S. Department of Education for anyone interested in applying for federal student financial aid. Continue reading Name+DOB+SSN=FAFSA Data Gold Mine→

Name+DOB+SSN=FAFSA Data Gold Mine

Posted on November 24, 2017 by BrianKrebs

Private Eye Allegedly Used Leaky Goverment Tool in Bid to Find Tax Data on Trump

Posted on May 22, 2017 by BrianKrebs

In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator is being charged with using the same online tool to glean tax data on then-presidential candidate Donald J. Trump.

A story today at Diverseeducation.com points to court filings in the U.S. District Court for the Middle District of Louisiana, in which local private eye Jordan Hamlett is accused by federal prosecutors of abusing an automated tool at the U.S. Department of Education website that is designed to make it easier for families to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school. Continue reading Private Eye Allegedly Used Leaky Goverment Tool in Bid to Find Tax Data on Trump→

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Posted on May 18, 2017 by BrianKrebs

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.

In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017.

Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses. Continue reading Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division→

Cybercriminals Riding Tax Filing Tides: Tax Fraud Season in Effect

Posted on April 5, 2017 by Limor Kessem

IBM X-Force researchers discovered that the volume of spam email campaigns carrying tax fraud scams rises sharply during the months surrounding tax season.

The post Cybercriminals Riding Tax Filing Tides: Tax Fraud Season in Effect appeared first on Security Intelligence.

Continue reading Cybercriminals Riding Tax Filing Tides: Tax Fraud Season in Effect→

Phishing 101 at the School of Hard Knocks

Posted on March 24, 2017 by BrianKrebs

A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-half months of this year than it saw in all of 2015. Continue reading Phishing 101 at the School of Hard Knocks→