An Internal Revenue Service identity theft scam we first reported about here on Techlicious months ago has reached critical levels. Last night, the IRS confirmed that thieves exploited a security weakness on its website to create accounts for more than 100,000 U.S. taxpayers, all in an effort to claim millions in fraudulent tax refunds.
Here’s how the scam works. First, an organized crime group purchases a list of stolen identities on the black market. They then use this data to create an account for you at IRS.gov through the relatively obscure “Get Transcript” page. Once that account is created, the criminal will download your past year’s tax return and use the data from it to create and e-file a false tax return for the current year in your name. The thief gets the money; you get the hassle of undoing the damage. To the syndicates behind it, the payouts have been tremendous -- $50 million this year, according to The New York Times.
The unfortunate part: This lucrative scam owes its existence to real security weaknesses at the IRS. Its method for verifying identities – via the use of questions about your mother’s maiden name, past addresses and bank accounts – may have been secure enough in 1999. But with so many data leaks happening on a seemingly regular basis, thieves can easily foil the IRS ID question setup. Making matters worse is that once the thief “proves” they are you, the agency’s privacy rules kick in, making it incredibly difficult for the fraudulent payments and data theft to be stopped. One victim reported frustration at the IRS being unable to stop a payment from going to a thief even after the identity theft had been reported.
The IRS has shut down its “Get Transcript” page for now – an important and obvious first step in stopping the thieves. Investigations are already underway. What the IRS needs to do next is overhaul its computer security, improve its communication with taxpayers about creating IRS.gov accounts and redesign its website to make it easier to use. It also needs to take reports of fraud more seriously. These changes may be expensive, but Congress needs to be there with the authority and money to do so ASAP – we can’t afford to keep losing billions per year of U.S. Treasury money on these types of scams.
[Viewing tax form on tablet via Shutterstock]