Tax return fraud widespread, possibly linked to stolen login credentials to online tax filing accounts

Herb Weisbaum reports:

The recent flood of fraudulent tax returns — both state and federal — is the work of “a criminal gang, possibly working outside the country,” a leading cyber security expert told NBC News.

Haywood Talcove, CEO for government solutions at LexisNexis, believes the gang is using stolen user names and passwords to gain access to the accounts of people who use online tax preparation software.

If that’s the case, then the thieves don’t have to have stolen identity information like name, SSN, and date of birth.

The hypothesis that login credentials have been acquired receives some anecdotal report from at least one consumer:

Letchworth was able to see the bogus return the criminals had filed. They had all the information from last year’s return — including the names and Social Security numbers of everyone in her family, employer names, even a special education credit she claimed.

“It’s really frightening,” she said. “It’s painfully clear they got into my account.”

Brian Krebs also offers some support for the stolen logins hypothesis. Weisbaum reports:

Security expert Brian Krebs told NBC News that he’s found login credentials for TurboTax, H&R Block and similar services being sold on the dark web for just pennies each.

“Typically, the usernames and passwords for consumer accounts at these services are obtained via password-stealing malware that infects end-user PCs,” Krebs writes on his blog.

Intuit, the parent company of TurboTax, continues to insist that there had been no breach of their system. But perhaps we should be asking about how these e-filing sites authenticate users. Changing your password and using unique passwords across sites is standard advice, but won’t protect you if your new password is also stolen by malware.

Read more on NBC.

About the author: Dissent

Has one comment to “Tax return fraud widespread, possibly linked to stolen login credentials to online tax filing accounts”

You can leave a reply or Trackback this post.
  1. IA Eng - February 10, 2015

    and it doesn’t help when so-called researchers want a little spotlight, and release 10 million username and password combos. A List like this is worth something to some one. It gives the crooks the ability harvest some knowledge about password themes particular people use. I for one have not downloaded the content, and I do not wish to. I am sure the link is being watched closely. yes, I realize it may be a torrent link at the author’s site – for now, but I have a feeling nothing is as secure as it seems. The TOR was compromised a while back, so, nothing is truly bullet-proof.

    So if there are ANY legitimate user/password combo’s alive in this list above, it only proves that corporations aren’t willing to require people to change passwords on a regular basis and that crooks can always use anyone’s research to their benefit. Its only a matter of time that some one comes out with a script that will use, say a TXT file to check username and passwords on the millions of websites that are out there. All a script kiddie has to do is fill in the site name to be checked, browse to the combo list to be checked and wait.


Comments are closed.