Understanding Tax-Related Identity Theft and Refund Fraud

Cyberattacks certainly didn’t give anyone a reprieve in the previous year. Data breaches, network infiltrations, bulk data theft and sale, identity theft, and ransomware outbreaks all occurred in 2020 and the underground market shows no indications of halting.

One of the many frauds that occurred was the Pandemic Unemployment Assistance (PUA) fraud whereby fraudsters went away with about $36 billion of the $360 billion in CARES Act unemployment benefits, a temporary program created by the federal CARES Act in March. It offers unemployment benefits to workers who don’t ordinarily qualify, like the self-employed, gig workers, freelancers, contractors and part-timers. Now cyber criminals are shifting gears towards a not so new source of cash out. Tax Refund.

With 2020 being a year of unprecedented loss and financial strain for some Americans coupled with a record unemployment and numerous assistance programs ending, any extra income is a huge benefit. As Americans are anxious to file their tax returns as quickly as possible to get their tax refunds, so are Cyber Criminals waiting to pounce while coaching others on the best way to game the system.

Cyber criminals utilize stolen personally identifiable information (PII) to file victims’ tax returns and then receive their refunds. The scam usually occurs when an identity thief uses a legitimate taxpayer’s identity to file a fraudulent tax return and claim a refund. Generally, the identity thief will use stolen credentials — popularly known as Fullz on the darknet — to file a fraudulent tax return with the aim of cashing out early. By filing the fraudulent tax return early, the identity thief typically receives the refund before the victim sends his or her tax return for processing.

Wondering how the bad guys are able to trick the IRS system to process and pay a fraudulent claim?

Here is a concise overview of how it’s done. Firstly, PII of the victim is acquired from any of the numerous underground shops or purchased from closed instant messaging groups.

Background check service such as [TruthFinder] is utilized to get more information about the victim so as not to run into roadblock when filling online forms.

A not so popular website is used to do a trial run and compute how much tax refund to expect on payday then TurboTax, a software package for preparation of American income tax returns is used to file for tax refund.

One way the Internal Revenue Service (IRS) has sought to stem the flow of false tax refund applications is to issue an Identity Protection PIN, which is a six-digit number assigned to eligible taxpayers to help prevent the use of their Social Security number a fraudulent income tax returns. Each PIN is good only for the tax year for which it was issued.

“This is a way to, in essence, lock your tax account, and the IP PIN serves as the key to opening that account,” said IRS Commissioner Chuck Rettig. “Electronic returns that do not contain the correct IP PIN will be rejected, and paper returns will go through additional scrutiny for fraud.”

The IRS launched the IP PIN program nearly a decade ago to protect confirmed identity theft victims from ongoing tax-related fraud. In recent years, the IRS expanded the program to specific states where taxpayers could voluntarily opt into the IP PIN program. Now, the voluntary program is going nationwide i.e. all taxpayers are eligible to the Identity Protection PINs.

The rate at which cyber fraudsters are working hard to game the system is alarming, and a stark reminder of the fact that criminals are never sensitive to whatever hardship their victims would be experiencing.

Last year was very tough for everyone, but now miscreants are working really hard to make things a little tougher for some.