Tax Fraud Hits Florida

Fake Tax Returns Highlight Growing ID Theft Concerns

By , April 28, 2011.
Tax Fraud Hits Florida

H

See Also: Automate and Standardize your IAM to Radically Reduce Risk

ow did fraudsters hijack the identities of scores of South Florida residents for the filing of fraudulent tax returns?

No one knows the answer to this troubling question, but so far more than 70 South Florida victims have been affected. Among the known cases are two public works employees in Fort Lauderdale and six employees of the Miami Association of Realtors.

Most of the fraudulent returns were filed electronically, according to reports, using someone else's name and Social Security number. In most cases, the thieves had funds electronically routed to bank accounts, and then quickly withdrew the funds using debit cards at ATMs.

Kirk Nahra, a privacy expert and attorney for Washington-based law firm Wiley Rein LLP, says the electronification of tax payments has helped fraudsters. "This is a perfect example of where efficiency and speed run up against potential problems," he says. "The reason people file this way is because it is easy and efficient," but that means it's also easy for criminals to quickly perpetrate fraud.

Now, Sen. Bill Nelson, D-Fla., is calling for a federal investigation into the incidents, which have held up legitimate refunds for thousands of taxpayers.

Social Security Numbers 'Not Going Out of Style'

No connection has been reported between these incidents and the recently discovered breach at the Social Security Administration, which exposed personally identifiable information for some 37,000 people between May 2007 and April 2010. The SSA breach, announced earlier this month in an audit summary compiled by the SSA inspector general, involved the sale information in the Death Master File that erroneously contained information about living people. The Death Master File contains information about persons who had Social Security numbers and whose deaths have been reported to the SSA.

The IRS is not commenting on the South Florida tax fraud incidents, but Linda Foley, who heads up the Identity Theft Resource Center, an identity theft victim-assistance and public-education organization, says the identities were likely stolen from an outside source months or even years ago.

"The Social Security number is not going out of style, when it comes to fraud," Foley says. "These stolen Social Security numbers could go back a year and a half for all we know. That's why it's hard to trace the fraud back to a particular breach."

From a phishing attack to a database breach or internal fraud perpetrated by an employee who sold consumer files for profit, numerous scenarios could have led to the compromise of the Florida victims' identities, Foley says. It's just another example of the vulnerability of personal identifiable information, or PII.

"Something is going on in this case," she says. "It could be related to a phishing scam, now that more people are downloading malware without knowing it. They could have had Social Security and tax information on their computers, and once they were hit with malware, it got all of their information."

But a more likely scenario, Foley says, is that a database was breached, through phishing or some other means, and a list was obtained. "I think in this case the stolen identities were warehoused," meaning they were stolen in bulk, stored and then sold. "I think this relates more to someone buying a Social Security number, because they either don't have one or can't use their own," she says. "And when people buy Social Security numbers, they usually come from a warehoused list."

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Top Data Breaches of 2014

If the top breaches of 2014 taught the security world anything, it's that size and sector don't...

Latest Tweets and Mentions

ARTICLE Top Data Breaches of 2014

If the top breaches of 2014 taught the security world anything, it's that size and sector don't...

The ISMG Network