It’s that time of year again: Time to file your taxes and hopefully get a nice, fat refund. But there’s another thing you might have to worry about before you calculate the ways you’ll spend your return – cyber criminals cashing out on your return before you do. The U.S. Federal Trade Commission’s (FTC) complaints about tax return identity theft has doubled from 2014.
According to USA Today, in 2015 the Internal Revenue Service (IRS) experienced the largest hack yet with cyber criminals gaining access to over 700,000 IRS accounts that included Social Security numbers, birth dates, and other critical information needed to file fake returns and collect refunds. The IRS was hacked again this February with 464,000 unique Social Security numbers breached. Fortune Magazine reported that of those, over 100,000 were used (albeit unsuccessfully) to try to access an E-file pin. This could mean an expected loss of $21 billion dollars to cyber fraud and fake tax returns in 2016.
What happens once a taxpayer’s information is hacked from the IRS database? It’s often for sale on the darknet within hours. Your personal information is up for grabs to the highest bidder. One of the loopholes for crooks has been the lack of security for self-filing tax return software logins like TurboTax. The first signs of the massive identity theft through tax return fraud was spotted in 2008 and has since spread virally into one of the most successful security breaches ever.
IBM Security Executive Advisor Etay Maor says that personal identity and data breaches are more sophisticated than ever. Thieves are trading your information on the darknet for pennies on the dollar. Maor says that your credit card number can cost as little as a $1 on the dark web, with more comprehensive info like Social Security number and birth dates costing around $15 dollars. But your healthcare records that are packed with personal data can go for $60. Stealing medical records was the number one target for criminal hackers in 2015 according to Maor. Medical records never expire, unlike credit card numbers, and often contain all the sensitive info including Social Security numbers that hackers need to steal your refund or file a fake return using your info. He suggests not providing your Social Security number on your medical forms.
Maor says that the abuse is rampant – in 2013 the IRS said it was able to stop $24.2 billion dollars in fraudulently filed tax returns, but they still were unable to stop $5.8 billion. Even worse? The IRS is expecting a loss of over $21 billion dollars to tax fraud and phony claims in 2016. What problems can our country solve with a spare $21 billion dollars?
Tightening security around IRS communication and third party apps is essential. Another way the IRS could combat this crime is through Big Data and predictive analytics says Curtis Clark, director of global government at IBM.
Clark said, “Predictive analytics becomes even more useful if they look at returns when they come in rather than waiting to analyze them months or years later. A northeastern U.S. tax department reduced refund fraud by using predictive analytics to spot dubious filings before the refund checks were sent out. Getting money back after it has been paid is laborious and acrimonious. The system has helped the state avoid more than $1.6 billion in refunds since 2004.”
The IRS has done a poor job at discouraging tax fraud with past reports from the Inspector General noting that the scam is so easy to perpetrate that large organized rings made up of prisoners inside jail have been successful, and it has been reported by “60 Minutes” that criminals are so confident they will never get caught that they use their own personal mailing address for the returns, and file bogus returns on their mobile phone.
President Obama recently visited the SXSW Interactive Festival to plead for the smartest minds in tech to start working with the government to solve some of the problems these antiquated federal information systems have. The IRS says it has taken more security measures this year than ever before according to their website, but is it enough?
Here are some resources to help you stay protected
- IRS and Businesses Work Together to Combat Tax Refund Fraud
- The IRS Security Awareness For Taxpayers Publication
- Stolen Identity Tax Refund Fraud: Who Is Getting Your Refund?
Learn more about the IRS and fraud
- Download the white paper: IBM X-Force Threat Intelligence Quarterly – Q4 2015
- IBM Cyber Security
- IBM Counter Fraud Management
- IBM + IRS projects