The U.S. Internal Revenue Service (IRS) expects to receive 152 million tax returns from U.S. taxpayers this year. At the end of March, more than 93 million had been filed and it’s a fair bet that included in these are around 1 million fraudulent returns.
In 2015, the IRS estimates that at least $14.6 billion in fraudulent tax returns were filed seeking a federal tax refund. The IRS stopped all but $2.24 billion of the fraudulent requests. Pretty good (about 0.6%) when you consider that the IRS paid a total of about $403 billion in refunds for fiscal year 2015 on total collections of $3.3 trillion. The average refund for the 2016 tax year is estimated to be just shy of $2,900.
Fraudulent tax returns are virtually always the result of a theft of personally identifiable information, including a person’s Social Security number, W-2 and W-9 forms. These personally identifiable data can then be packaged and sold on the dark web for as much as $20 per record, payable in untraceable bitcoin.
Scammers usually will try to obtain the personal records early in the year in order to file the tax return and receive the refund before the real taxpayer has a chance to file an authentic return. When the real taxpayer files a return, the IRS notifies the taxpayer of a duplicate return, and that is typically when the fraud is discovered.
More common and more productive from the thieves’ point of view are phishing scams directed at an HR or payroll department employee purporting to be from company executive asking for all employee data to be rolled up into a single file and emailed to the executive. The fraudulent request redirects the file to the cyber thieves.
With the total payout to fraudulent tax returns heading toward $3 billion this year and the chances of being caught and punished very small, it’s not hard to see why tax return fraud is both popular and lucrative. Network security expert Brian Krebs recommends the following steps to prevent a fraudster from using your personally identifiable information to file a fraudulent tax return:
- File early, before the fraudsters do.
- Routinely check your credit report.
- Monitor your credit report and then freeze it.
- File IRS Form 14039 to request a PIN.