Tax return fraud widespread, possibly linked to stolen login credentials to online tax filing accounts
Herb Weisbaum reports:
The recent flood of fraudulent tax returns — both state and federal — is the work of “a criminal gang, possibly working outside the country,” a leading cyber security expert told NBC News.
Haywood Talcove, CEO for government solutions at LexisNexis, believes the gang is using stolen user names and passwords to gain access to the accounts of people who use online tax preparation software.
If that’s the case, then the thieves don’t have to have stolen identity information like name, SSN, and date of birth.
The hypothesis that login credentials have been acquired receives some anecdotal support from at least one consumer:
Letchworth was able to see the bogus return the criminals had filed. They had all the information from last year’s return — including the names and Social Security numbers of everyone in her family, employer names, even a special education credit she claimed.
“It’s really frightening,” she said. “It’s painfully clear they got into my account.”
Brian Krebs also offers some support for the stolen logins hypothesis. Weisbaum reports:
Security expert Brian Krebs told NBC News that he’s found login credentials for TurboTax, H&R Block and similar services being sold on the dark web for just pennies each.
“Typically, the usernames and passwords for consumer accounts at these services are obtained via password-stealing malware that infects end-user PCs,” Krebs writes on his blog.
Intuit, the parent company of TurboTax, continues to insist that there has been no breach of its system. But perhaps we should be asking how these e-filing sites authenticate users. Changing your password and using unique passwords across sites is standard advice, but it won’t protect you if your new password is also stolen by malware.
Read more on NBC.