It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

U.S.: How Safe is Your Tax Return Information?

page: 1
5

log in

join
share:

posted on May, 3 2015 @ 02:58 PM
link   
This goes out to all of ATS's US members, at least all those that have filed, or are planning to file, a federal income tax return.

Those of you who will not be filing may be able to sit back and enjoy a bit of Schadenfreude.

At least for the moment.


On February 06, 2015, Intuit, Inc., one of the nations largest providers of income tax preparation software, announced that it was working closely with various State tax agencies to address growing concerns over state tax fraud. This action was taken in response to a marked increase in the number of suspicious state tax return filings, which was assumed to be the work of criminals using stolen identity information to file fraudulent state tax returns and claim refunds on those returns.

Working with a third-party security firm, Intuit stated that it believed the source of the taxpayer information used to prepare these fraudulent returns was not the result of a security breach of its files, but from sources outside of Intuit.

The matter was serious enough, as some of you might remember, that Intuit suspended transmission of electronically submitted 2014 tax returns generated its software, in several states across the US for 24 hours on February 05, 2015.

Most of the MSM news coverage of this incident centered on questions regarding the security of Intuit's main consumer tax product, TurboTax, which Intuit vehemently defended as Not having been "hacked". Intuit went to lengths assuring the public that TurboTax user data had NOT been hacked and was secure.


Welll.......

One thing Intuit did not say, publically, for attribution, was that Intuit also provides some of the most widely used Professional tax preparation software as well; software used by CPA's, Accountants, Tax Preparers, Enrolled Agents, and the like, to prepare and file your returns. Two of these software suites are Lacert, and ProSeries Tax.

And nothing has been said by Intuit in regards to the security of the taxpayer data used, and stored, by these programs.

Nor has any mention been made of the fact that one of Intuit's owners is JP Morgan Chase Bank, which, if any cares to remember, had its customer files hacked in 2013; 89 MILLION customer files!

Sources outside Intuit, indeed!


Since Intuit's announcement in February, a curious, and potentially alarming thing has been happening with increasing frequency:

People are receiving refunds for tax returns they have not yet filed.

So far, I've only heard about this regarding state tax refunds, although the IRS is usually rather tight-lipped about issues regarding its fraud investigations, so there may have been a number of IRS refunds issued to folks who have not yet filed as well.

This may seem like a great thing to many of you, Karmic Justice, sticking it to the Man and such.

So be it.

But I want to address the underlying issue here, the thing that has me most concerned.


The folks receiving these refunds had no indication previously that their personal information, information that was as detailed as their social security numbers, the social security numbers of their spouses and children, their birthdates, the name of their employers, their wages and withholding amounts, their addresses of course, all the detailed information necessary to file a state (or federal) tax return.

Not only file the return, but have it accepted as a valid return, despite the ant-fraud checks incorporated in the processing procedures, and cause a refund to be issued.

This is a particularly significant point to note. One of the anti-fraud devices the tax agencies use is withholding verification: unless the amount of withholding verified on account by the tax agency is at least as much, if not more than you claim on your return, you will not get your claimed refund, and your filing might be subjected to scrutiny as being a possibly fraudulent claim.

These "Prescient Returns" are somehow able to "spoof" the ant-fraud measures in place, and trick the system into issuing a refund.

The really odd thing is this:

If someone has gone through all the trouble of preparing a false tax return good enough to circumvent all the ant-fraud protocols and get a refund issued, why would they have the refund sent to the rightful owner of the personal data they stole from?

That would be like hacking into some one bank account, taking their money and then sending them the cash you've stolen!

Fraudulent refunds are typically sent to PO boxes or fake addresses so that culprit can collect his ill-gotten loot, not sent back to the actual taxpayer. But that's what is happening.

In the vast majority of the instances I am aware of, the victims(?) of this farce have been clients of professional tax preparers using an Intuit product, Or have, or have had, an account with Chase Bank (Checking, Savings, Mortgage, etc.).


Has it happened to you?

Has your tax preparer told you that this year's (2014) or last year's (2013) tax return will have to be paper-filed instead of filed electronically because there seems to already be a return on file under your SSN?

Now for the Tinfoil hat portion of our show.

What is behind this phenomenon? As I said, the level of sophistication required to craft these returns is well beyond your typical internet-accessing convict. The data is either being sourced to a number of unrelated files and painstakingly assembled for the purpose of preparing returns worth, at most a few thousand dollars each, which is then sent to the unwitting actual owner of the data, or the data has all been sourced to the "pool" (a much more cost-effective and less time-consuming methodology) to the same ends.

But, if you have data that is that accurate, and that complete about that many people, what else are you planning to do with it?

Money isn't your goal, since you're sending the refunds back to the identities you stole from.

What else is there?

THAT's the question that has ME worried



posted on May, 3 2015 @ 06:33 PM
link   
Starred and Flagged.

I've been following the hacked identity problem for awhile and have been saying for a least a year that they (mostly the Russian Syndicate) have everyone's information and are using it to destroy the U.S. economy.

It's a cyber war that I'm afraid we are not winning. How much longer until the camel's back gives in?

Here is the thread I started on ATS just over a year ago.

You're the Next Victim of the Cyber Wars

Good thread Bhadhidar


ETA: About the "why" the hackers would send the refunds to the real person's address.

They usually do some test runs on new hacks, this could be what this is. Typically when the hacker uses your identity information to access your bank account, they make a small purchase or withdrawal to see if they can get away with it. Then after a while they sell your information as good to use and the unauthorized stuff goes off the charts in your accounts.

If this is the case, then the question will now be who is doing this new income tax identity scams?
edit on 3-5-2015 by MichiganSwampBuck because: added extra comments



posted on May, 3 2015 @ 06:56 PM
link   
a reply to: MichiganSwampBuck

Just re-read your thread from last year.

Great job!

What concerns me most about this particular situation is that if some one can falsify an identity well enough to spoof government-level systems specifically designed to detect and deter such frauds, what else can they do with the now "government-approved" identity they have hijacked?

Apply for a driver's license? An ID card? A security clearance?

Maybe buy real estate located near strategic assets?

If someone can so successfully hijack another person's identity that they can access State and/or Federal tax records, they have virtual carte blanche to access any other financial or business file.

Our economy, and our infrastructure, are at least at risk, if not already compromised beyond our control...

And nobody seems the wiser.


edit on 3-5-2015 by Bhadhidar because: grammar



posted on May, 3 2015 @ 07:06 PM
link   
Well, my new employment screwed up my w-4 and I wound up paying in thousands (that I did not have...) this year.

So I guess if the Russians want to, they can pay that surprise bill.



posted on May, 3 2015 @ 08:16 PM
link   

originally posted by: Bhadhidar
a reply to: MichiganSwampBuck

Just re-read your thread from last year.

Great job!

What concerns me most about this particular situation is that if some one can falsify an identity well enough to spoof government-level systems specifically designed to detect and deter such frauds, what else can they do with the now "government-approved" identity they have hijacked?

Apply for a driver's license? An ID card? A security clearance?

Maybe buy real estate located near strategic assets?

If someone can so successfully hijack another person's identity that they can access State and/or Federal tax records, they have virtual carte blanche to access any other financial or business file.

Our economy, and our infrastructure, are at least at risk, if not already compromised beyond our control...

And nobody seems the wiser.



Those are all scary possibilities and all that can be had on the dark net for bitcoins or any currency for that matter. However, a hack at that level may just go to the highest bidders, in any case, it was probably developed by the Russian government for more than just that. As you point out, there are some nefarious ways to use such a complete system for ID theft. There are other numerous cyber threats that could be used together to cause some huge problems all at once.



posted on May, 4 2015 @ 06:49 PM
link   
a reply to: Bhadhidar

Well, assuming ours is secure. No issue at all getting it filed, and having the refund issued. Then, we don't use a paid service or a program we have to pay for, either. I tend to avoid the more popular programs, simply because they seem like bigger targets.

I wonder what action will be taken against those committing the fraud.



posted on May, 4 2015 @ 08:19 PM
link   
a reply to: LadyGreenEyes

So far, the actions you've taken should keep you in the clear.

Other than the Intuit connection, the only other link I've seen among the victims is that many of them, including the few who did not use Intuit-based preparation software, was that they have all had some kind of account with Chase Bank.

To answer your question, I don't know that anything has been, or will be done to the perpetrators of this fraud, assuming that they are ever caught, or even identified.

As far as I know, no one has even recognized this particular type of fake return as being anything other than individual instances of fraud.

Nobody seems to "see the pattern" that would raise the Red Flags.

That is the very reason that I started this thread; I wanted to get this particular phenomenon "out there", see just how wide-spread the problem was, and maybe get the community "group-mind" focused on the potential threat this specific data-exploit could pose.


But, that doesn't seem to be happening.

Maybe I should have mentioned Bigfoot in the title?

Or maybe an ounce of prevention just doesn't have the same draw as a pound of scare.



posted on May, 4 2015 @ 09:15 PM
link   
a reply to: Bhadhidar

I prefer to be careful! It's so convenient filing electronically, but there is no reason not to be cautious! You'd think more people would worry. Then, most would have filed by now, so maybe that s a factor.



posted on May, 4 2015 @ 09:43 PM
link   

originally posted by: lordcomac
Well, my new employment screwed up my w-4 and I wound up paying in thousands (that I did not have...) this year.

So I guess if the Russians want to, they can pay that surprise bill.


It is very difficult for an employer to change any information on a W4. You have to fill out the W4 pdf and send it back to them, with signature. An employer also has to abide by all deadlines, if you file a modified W4 and submitted to them in the correct time frame. So, if you can prove that the IRS received a different number on the W4 than you submitted, or, you followed the timeline for submitting the W4, and they were negligent in getting it to the IRS in time, you have a case that can be pursued, if you should desire to. Just trying to help.




top topics



 
5

log in

join