Income tax identity theft is a 5.9 billion dollar problem that the IRS and Congress have still not responded to sufficiently. Most income tax identity theft involves a criminal filing an income tax return with phony W-2 information using a victim’s Social Security number. If undiscovered by the IRS, as many of these phony returns are, the IRS sends the refund and the person whose Social Security number was stolen has his or her legitimate income tax return flagged when it comes in as a second income tax return using the same Social Security number. It often takes many months before the victim is able to get his or her true refund.
But now, a new twist has come to income tax identity theft. Where most income tax identity theft, as described above relies on the identity thief filing an income tax return before the victim files his or her legitimate tax return, now we are seeing a number of people who file their income tax returns electronically using TurboTax having their refunds stolen after the victim has electronically filed their legitimate income tax return.
People who have been victimized by this new type of income tax identity theft all filed electronically and had their electronic filing fees deducted from their refunds. Generally the refunds are deposited with Tax Products Group a bank owned by the Green Dot Corporation where the fees are taken out and the balance sent to a bank account designated by the tax filer. What has been happening is hackers are hacking into the accounts of their victims and changing the bank account into which the refund is to be deposited. It is not clear yet if the breach of security is with TurboTax, Tax Products Group or the individual taxpayers although it would appear from the relatively small numbers of people so far affected by this scam that the security breach is with the individual taxpayers whose own computers were most likely hacked.
Filing income tax returns online through TurboTax and other similar companies is still a safe way to file your taxes. In response to this problem, TurboTax has already made security changes including requiring users of TurboTax to answer security questions before they are able to access their accounts or refunds. TurboTax is also considering flagging customers who attempt to change their bank account information. These are good steps to help stop this type of identity theft, but we have to do our part as well. Protecting the computers and other electronic devices you use for financial transactions with regularly updated security software and avoiding clicking on links and downloading attachments unless you are absolutely sure that the links or attachments are legitimate are important steps that everyone should take.