With the April 15 Tax Deadline Looming, ThreatMetrix Says Taxpayers Need to be Aware of E-Filing Risks

Share Article

Account Takeover: How Sophisticated Cybercriminals Steal Your Tax Refund.

News Image

ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions, has identified account takeover as a leading cause for tax-related identity theft. Account takeover occurs when a thief uses stolen user credentials to login to a website.

The number of identity theft cases detected by authorities sky-rocketed nationwide to more than 1.2 million cases in 2012, according to the Treasury Department. Over the next five years, the crime will cost the nation an estimated $21 billion.

Cybercriminals most commonly get ahold of taxpayer information through seemingly authentic IRS popups, phishing emails and spam messages. If a taxpayer clicks on one of these, they receive an email “from the IRS” indicating that he or she has underreported his or her income or needs to enter further personal information. Once the taxpayer clicks on the link provided, they will either be prompted to enter personal information or to download a tax statement. If either action is taken, the user is subjected to account takeover.

Other ways account takeover can occur include:

  • A data breach at a payroll processing company in which a fraudster uses a legitimate taxpayer’s credentials to file on his or her behalf.
  • Taking over an existing account from previously e-filing with a tax preparer site (e.g. Intuit, TurboTax). This can be done by guessing a taxpayer’s email address and then either brute forcing a password or obtaining it from a previous site the taxpayer logged into (e.g. LinkedIn).
  • Using malware to steal login credentials to access a partially saved tax return on a preparer site.

“The reason so many people fall victim to this trick is that fraudulent emails and websites often look very similar to those from the IRS or tax preparation sites,” said Bert Rankin, chief marketing officer, ThreatMetrix. “Today’s sophisticated cybercriminals cash in on a refund when e-filers basically hand them their sensitive data and credentials online. An easy-to-miss indication of a malicious message is the physical address of the link the user clicks.”

Once a cybercriminal has obtained a taxpayer’s personal information, it is then used to login into the IRS website or a tax preparation site and falsely file tax forms. Exploiting the slow moving tax refund process, cybercriminals often collect money before victims or the IRS even discovers the fraud. In many cases, even if there isn’t a refund coming to the taxpayer, the hacker can engineer it so they receive one.

“Account takeover is not a new phenomenon – many of our e-commerce and online banking clients work with us to avoid this kind of identity theft, which can cause significant damage to all involved. We work with our clients to, for example, detect when someone is using the same laptop to file multiple statements. This raises a red flag that the user may actually be a fraudster,” Rankin said. “Although no individual or organization is completely safe from identity theft, taxpayers can do their part by being aware of where they enter sensitive tax-related information.”

According to the Internal Revenue Service, other tax scams to be aware of when e-filing include:

  • Identity Theft – An identity thief uses a legitimate taxpayer’s identity to fraudulently file a return and claim a refund.
  • Return Preparer Fraud – Fraudulent preparers solicit unsuspecting taxpayers to file with them, which results in refund fraud or identity theft.
  • “Free Money” Tax Scams – Advertisements or flyers promise refunds to individuals who have little or no income and normally don’t have a tax filing requirement.

For more information and tips on how to safely e-file, visit http://www.threatmetrix.com/resource-center/infographics/dont-let-cybercriminals-claim-your-refund/.

About ThreatMetrix
ThreatMetrix is the fastest-growing provider of integrated cybercrime prevention solutions. The ThreatMetrix™ Cybercrime Defender Platform helps companies protect customer data and secure transactions against payment fraud, malware, account takeover, fraudulent new registrations, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, malware protection with TrustDefender™ Cloud and TrustDefender™ Client, as well as TrustDefender™ Mobile for smartphone applications. ThreatMetrix cybersecurity solutions protect more than 1,500 customers and 8,500 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit http://www.threatmetrix.com or call 1-408-200-5755.

To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.

© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the ThreatMetrix Cybercrime Defender Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Meghan Reilly
Walker Sands Communications
Email >

Dan Rampe
Email >
Visit website