Are you one of the many Americans who wait until the last minute to file their state and federal taxes? Do you often push the April 15 filing deadline? As the final stretch of tax season comes to a close, many unlucky Americans may find themselves the victims of tax refund fraud.

Stolen identity tax refund fraud takes place when someone willfully and intentionally files a tax return electronically using another person’s identity to fraudulently collect funds. It is made possible by flaws in the current IRS system. All that is required to file a return electronically is a victim’s date of birth and Social Security number. Additionally, the IRS starts to accept returns on Jan. 1, while companies are not required to send in their filing information until March. The problem remains because the IRS does not compare employer filings to employee filings until the middle of the summer.

How Does the Scam Work?

In order to pull off this type of scam, the fraudster must first get hold of the personally identifiable information (PII) of potential victims. PII includes a victim’s Social Security number and date of birth. With recent health care data breaches, more Americans are at risk of stolen identity tax refund fraud than ever before.

Fraudsters will use stolen PII to file a return in the victim’s name electronically early in the season. By filing early, the fraudster has a higher chance of receiving the refund before the victim has started to file his or her own return and becomes aware that fraudulent activity has taken place in his or her name.

Advances in technology such as e-filing systems make for a faster and simpler filing process for everyone — including fraudsters. They simply need a Wi-Fi connection, a laptop and the partial PII of potential victims. Some smartphones even have an app to file tax returns.

A fraudster can submit multiple phony refund filings in a day by simply fabricating a victim’s income, submitting the information electronically and requesting the refund be sent to his or her address or put on a prepaid debit card.

Case Examples of Tax Refund Fraud

A woman and her daughter were arrested in Raleigh, North Carolina, for filing fraudulent returns over a six-year period and pocketing an estimated $1.4 million. According to the Carolina Journal Online, the fraud involved fabricated identities, phony W-2 earnings statements and the listing of dependents who did not exist.

In a much larger case, a 75-year-old man from Fort Lee, New Jersey, was sentenced to 17 months in prison for filing fraudulent returns. According to the U.S. Department of Justice, U.S. Attorneys and the IRS celebrated the takedown of the scheme, which apparently involved the filing of more than 8,000 fraudulent federal returns claiming more than $65 million in fraudulent refunds. The losses to the United States totaled more than $12 million.

What Happens if You Are a Victim?

If you find yourself a victim of stolen identity tax refund fraud, notify the IRS Identity Protection Specialized Unit immediately. You will also need to fill out the IRS Identity Theft Affidavit (Form No. 14039).

Additionally, the IRS recommends victims take the following steps to ensure their safety:

  • Report incidents of identity theft to the Federal Trade Commission.
  • File a report with the local police.
  • Contact the fraud departments of the three major credit bureaus: Equifax, Experian and TransUnion.
  • Close any accounts that have been tampered with or opened fraudulently.

What Is Law Enforcement Doing About It?

The IRS has a skilled team of investigators who are leading the agency’s effort to combat the threat. The IRS has identified flaws in its online e-filing system and is working toward making the necessary changes. According to the FBI, the IRS is continuing to make enhancements in fraud prevention, early detection and victim assistance. Additionally, the FBI is teaming up with the IRS, U.S. Secret Service and banks to follow the money and identify criminal organizations that are engaged in tax refund fraud.

How Can You Prevent Yourself From Becoming a Victim?

While you won’t be able to prevent a large PII breach, you can take the following simple steps to protect yourself:

  • Keep your Social Security card secure at all times. Don’t carry it around in your wallet or leave it in plain sight. Treat your Social Security card as you would any valuable you own.
  • Always keep your financial information protected.
  • Run a credit report on a biannual or annual basis.
  • Protect your computers by keeping your antivirus system up-to-date, using firewalls, changing passwords routinely and not opening suspicious emails.
  • Never provide personal information over the phone, through mail or by email unless you initiated the contact and you are positive you know the person to whom you are providing it.
