posted on May, 3 2015 @ 02:58 PM
This goes out to all of ATS's US members, at least all those that have filed, or are planning to file, a federal income tax return.
Those of you who will not be filing may be able to sit back and enjoy a bit of Schadenfreude.
At least for the moment.
On February 06, 2015, Intuit, Inc., one of the nations largest providers of income tax preparation software, announced that it was working closely
with various State tax agencies to address growing concerns over state tax fraud. This action was taken in response to a marked increase in the number
of suspicious state tax return filings, which was assumed to be the work of criminals using stolen identity information to file fraudulent state tax
returns and claim refunds on those returns.
Working with a third-party security firm, Intuit stated that it believed the source of the taxpayer information used to prepare these fraudulent
returns was not the result of a security breach of its files, but from sources outside of Intuit.
The matter was serious enough, as some of you might remember, that Intuit suspended transmission of electronically submitted 2014 tax returns
generated its software, in several states across the US for 24 hours on February 05, 2015.
Most of the MSM news coverage of this incident centered on questions regarding the security of Intuit's main consumer tax product, TurboTax, which
Intuit vehemently defended as Not having been "hacked". Intuit went to lengths assuring the public that TurboTax user data had NOT been hacked and
One thing Intuit did not say, publically, for attribution, was that Intuit also provides some of the most widely used Professional tax preparation
software as well; software used by CPA's, Accountants, Tax Preparers, Enrolled Agents, and the like, to prepare and file your returns. Two of these
software suites are Lacert, and ProSeries Tax.
And nothing has been said by Intuit in regards to the security of the taxpayer data used, and stored, by these programs.
Nor has any mention been made of the fact that one of Intuit's owners is JP Morgan Chase Bank, which, if any cares to remember, had its customer
files hacked in 2013; 89 MILLION customer files!
Sources outside Intuit, indeed!
Since Intuit's announcement in February, a curious, and potentially alarming thing has been happening with increasing frequency:
People are receiving refunds for tax returns they have not yet filed.
So far, I've only heard about this regarding state tax refunds, although the IRS is usually rather tight-lipped about issues regarding its fraud
investigations, so there may have been a number of IRS refunds issued to folks who have not yet filed as well.
This may seem like a great thing to many of you, Karmic Justice, sticking it to the Man and such.
So be it.
But I want to address the underlying issue here, the thing that has me most concerned.
The folks receiving these refunds had no indication previously that their personal information, information that was as detailed as their social
security numbers, the social security numbers of their spouses and children, their birthdates, the name of their employers, their wages and
withholding amounts, their addresses of course, all the detailed information necessary to file a state (or federal) tax return.
Not only file the return, but have it accepted as a valid return, despite the ant-fraud checks incorporated in the processing procedures, and cause a
refund to be issued.
This is a particularly significant point to note. One of the anti-fraud devices the tax agencies use is withholding verification: unless the amount of
withholding verified on account by the tax agency is at least as much, if not more than you claim on your return, you will not get your claimed
refund, and your filing might be subjected to scrutiny as being a possibly fraudulent claim.
These "Prescient Returns" are somehow able to "spoof" the ant-fraud measures in place, and trick the system into issuing a refund.
The really odd thing is this:
If someone has gone through all the trouble of preparing a false tax return good enough to circumvent all the ant-fraud protocols and get a refund
issued, why would they have the refund sent to the rightful owner of the personal data they stole from?
That would be like hacking into some one bank account, taking their money and then sending them the cash you've stolen!
Fraudulent refunds are typically sent to PO boxes or fake addresses so that culprit can collect his ill-gotten loot, not sent back to the actual
taxpayer. But that's what is happening.
In the vast majority of the instances I am aware of, the victims(?) of this farce have been clients of professional tax preparers using an Intuit
product, Or have, or have had, an account with Chase Bank (Checking, Savings, Mortgage, etc.).
Has it happened to you?
Has your tax preparer told you that this year's (2014) or last year's (2013) tax return will have to be paper-filed instead of filed electronically
because there seems to already be a return on file under your SSN?
Now for the Tinfoil hat portion of our show.
What is behind this phenomenon? As I said, the level of sophistication required to craft these returns is well beyond your typical internet-accessing
convict. The data is either being sourced to a number of unrelated files and painstakingly assembled for the purpose of preparing returns worth, at
most a few thousand dollars each, which is then sent to the unwitting actual owner of the data, or the data has all been sourced to the "pool" (a
much more cost-effective and less time-consuming methodology) to the same ends.
But, if you have data that is that accurate, and that complete about that many people, what else are you planning to do with it?
Money isn't your goal, since you're sending the refunds back to the identities you stole from.
What else is there?
THAT's the question that has ME worried