Hacker Tax Fraud Much Bigger Than Previously Thought
Around the due date for filing taxes, it was reported that about 110,000 Americans had fallen victim to identity theft and had their tax returns stolen. The IRS has corrected that number, and it's three times higher.
The way the crime worked was that hackers would use a tool on the IRS website to retrieve past tax returns then use that information to file again, but send the money to themselves. The IRS has revealed that cyberthieves used personal information of about 610,000, usually stolen from other sources, and were able to access the information of about 334,000 people.
One would think that the IRS website would use the latest technology available to make taxpayer information secure. Getting past transcripts is really pretty easy though. All you need is basic information: name, date of birth, their Social Security number and their filing status. The SSN might be a little difficult to find, but it's not that hard to find that if you know the right places to look. After that, there is a verification question based on things known by credit bureaus. Those questions are not terribly hard to find the answers to either, often being available on social media or by running a simple background check. After you answer the question, you have access to past tax returns and all the information that goes with it.
The IRS has since offered IP PINs, Identity Protection Personal Identification Number, to the victims of this year's fraud. Mindbogglingly though, the method for recovering your IP PIN if you lose it is the exact same process used to get the past transcripts! It would be a relatively easy fix to text a PIN to a mobile phone, but for some reason the IRS hasn't instituted as much security as Google and Facebook.