Cybersecurity

ID thieves claim $5 billion in bogus tax refunds

Waxen/Shutterstock.com

Americans last year lost billions of dollars to crooks who claimed bogus tax refunds under the names of unwitting citizens, including the deceased, mostly through direct deposit accounts, federal investigators have discovered.

A new Treasury Department inspector general report identified about $5.2 billion worth of refunds potentially stolen by identity thieves during 2011, all of which the Internal Revenue Service failed to spot. The agency is on track during the next five years to disburse about $21billion worth of illegal tax refunds to imposters, the report added.

“The amount of undetected tax refund fraud we identified is conservative,” Michael E. McKenney, acting deputy IG for audit at the Treasury Inspector General for Tax Administration, wrote in a July 19 report released this week. “Unscrupulous individuals are stealing identities at an alarming rate for use in submitting tax returns with false income and withholding documents to the IRS for the sole purpose of receiving a fraudulent tax refund.”

Most scammers find it easier to obtain refunds digitally rather than present a bank teller with a photo ID that doesn’t match the name on the check or provide a fake ID, the audit stated. Of 1.5 million phony tax returns the IG flagged, 82 percent used direct deposit to receive refunds of $4.5 billion combined. The IRS issued one bank account 590 refunds totaling $909,267.

For the analysis, auditors examined fraudulent refunds involving ID theft that the IRS did catch and documented characteristics they had in common to identify other possible scams. Through various methods -- some redacted from the report -- criminals were swiping the names and Social Security numbers of people, such as young adult students and others not required to pay taxes, to rack up ill-gotten refunds.

The IG report was requested by Florida Democratic Sen. Bill Nelson, whose state has been targeted by a ring of digital refund fraudsters. During the past year and a half, the Tampa police department, along with federal and other local law enforcement agencies, uncovered several plots -- most concerning refunds deposited into a debit card account, the report stated. “The successful schemes involved identity thieves using the SSNs of deceased people and individuals who receive public assistance,” McKenney wrote. The IRS, as of February, had confiscated about 5,000 debit cards in connection with the Tampa case.

Nelson has introduced legislation to combat such crimes that would, among other things, bar open access to dead people’s Social Security numbers and heighten cooperation between the IRS and law enforcement.

Online tax fraud is just one of many growing threats resulting from the proliferation of networked devices. “The FBI has arrested hundreds of groups in this space,” said Shawn Henry, the bureau’s former top cyber chief, referring to cybercrime. “The reality is the breadth and scope of the threat is much larger than the current capabilities of the law enforcement in the United States. It’s through absolutely no malfeasance. It’s not through any poor capability.” The Senate was locked in a debate over another online menace -- the insecurity of the computers underpinning society, such as power grids and trading platforms – but failed to clinch a deal before the August congressional recess.

Cybersecurity “is a long-term problem without a short-term solution . . . There needs to be a comprehensive plan and it needs to be implemented, but what’s happening is taking a long time and that’s not good for anyone, said Henry, now president of security startup CrowdStrike Services.

Many ID theft targets may not know they have been victimized, until filing a legitimate tax return that raises questions because a duplicate already is in the system. Often the IRS never finds out at all, according to an April investigation. This week’s audit reiterated that the amount of tax fraud by people using fake tax returns containing bogus incomes and withholdings “is significantly larger than what the IRS detects and prevents.”

To stanch the flow of the illegal refunds, the IRS will consider restricting the number of refunds directly deposited to the same bank account or debit card, agency officials said in response to a draft report. And the IRS plans to coordinate with the Treasury Financial Crimes Enforcement Network, which regulates debit card ID verification, to ensure financial institutions confirm the identities of card applicants.

The IRS challenged the finding that it risks issuing ID thieves more than $20 billion during the next few years, noting that ongoing anti-fraud procedures could diminish that number. Those efforts include new screening filters that can identify false tax returns before they even are processed. As of April 19, the IRS had halted about $1.3 billion in potentially fraudulent tax refunds as a result of these new checks, the audit stated.

The agency also is marking deceased individuals’ tax accounts with special digital indicators that set off alarms when the deceased person’s SSN turns up on a tax return. IRS officials told the inspector that, during the past year, they locked more than 164,000 tax accounts using these indicators, which prevented imposters from illegally claiming about $1.8 million.

“Because of these actions we believe that the report’s projection of undetected fraudulent refunds over the next five years is significantly overstated,” Peggy Bogadi, IRS commissioner of the wage and investment division, wrote in a June 26 letter to the watchdog. The inspector general acknowledged that the losses could be smaller if the IRS continues applying screening tools.

(Image via Waxen /Shutterstock.com)

Threatwatch Alert

Cyber espionage / Network intrusion / Stolen credentials

Hackers ogled 500,000 consumer records at British boob job clinics

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// April 16