It’s tax season and cyber criminals are out in full force to steal your tax returns. This time last year, hackers stole $50 million from the Internal Revenue Service (IRS) through fradulent tax refunds, affecting 330,000 people. It’s no surprise that this January, the IRS was targeted by an automated cyber attack. Cyber criminals used stolen personal data from data breaches to create fake logins through the IRS Electronic Filing PINs. The IRS stated that they found unauthorized attemps to obtain Electronic Filing PINs for 464,000 Social Security numbers. The attackers tried to use malware to generate these fake identification numbers. Thankfully, the IRS was able to stop this attack before it affected anyone, however, it’s likely this won’t be the last attack.
“No personal taxpayer data was compromised or disclosed by IRS systems,” the IRS said in a statement. “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.”
The numerous data breaches that have occurred in the past few years have given these cyber criminals plenty of data to use for identity theft. In 2015, health insurers like Excellus, Anthem, and CareFirst, were victims of huge data breaches. These data breaches affected tens of millions of people. Even the Office of Personnel Management was attacked, exposing 21.5 million U.S. government employees. From the sheer amount of data that is out there, it’s no surprise that hackers are using this data to file people’s taxes.
As reported in Forbes: “The trend is clear. Each year, the IRS publishes a list of its ‘Dirty Dozen’ tax scams. In 2011, just one involved some form of identity theft. This year no less than one-third were (identity theft-related) scams.”
For a cyber criminal, it takes very little work to secure a big payoff. All it takes is a name and Social Security number, stolen from one of the many data breaches that have occurred. These thieves file for taxes under the stolen identity and provide a fake address to send the refund to. By using their automated programs, they can scam easily and quickly.
How can you protect yourself? The best thing you can do is to file your taxes as early as possible! The more you delay, the more time you are allowing cyber criminals to steal your identity.
Consumers need to be alert to possible tax-related identity theft, especially if you’ve received a letter from the IRS stating you have been breached. The IRS has published 5 warning signs that everyone should be aware of.
1. More than one tax return was filed for you;
2. You owe additional tax, have a refund offset or have had collection actions taken against you for a year you did not file a tax return;
3. IRS records indicate you received more wages than you actually earned or
4. Your state or federal benefits were reduced or cancelled because the agency received information reporting an income change.