Are Hackers Pocketing Your Tax Refund?
Are you filing or have you recently filed your taxes with TurboTax? If so, you might want to check your state refund.
Customers have logged into their accounts and found that their state refund had already need claimed on their behalf. TurboTax is suspending state returns for now as a precaution. Intuit, the owner of TurboTax, said that a security firm has turned up no signs of malware or anything else suspicious on their end, so how is this happening?
The issue is certainly not a new one, but as cyber crimes are on the rise it is one we will probably see more going forward if steps are not taken to prevent it.
As you can tell by reading through the news on this website over the past few months, cyber crimes where people's personal information. While most of the news has centered on large companies, individual people's computers are still hacked all the time, and when that happens, a hacker can steal login credentials for a person's access to any website. There are also phishing scams where a thief will send email purporting to be from a tax service in order to gain login credentials.
With all of this stolen information out there, it's not too much of a stretch to imagine that people can log into tax websites, like TurboTax, and file claims. What makes it even easier is that most online tax services retain information from filings from previous years, including a user's adjusted gross income, which is one method the IRS uses to confirm the user's identity.
The thief can take all of this information, file a tax return and pocket your refund.
What can be done about this? The easiest thing to implement would be a two-factor authentication process whereby TurboTax would send a code via text or app to verify an identity. This wouldn't be a 100% secure step, but it would make it much harder for hackers to run this scam.