Posts Tagged ‘IdentityTheft’

IRS “Get Transcript” Application Hacked; 104,000 Tax Returns Illegally Accessed

Tuesday, May 26th, 2015

This afternoon IRS Commissioner John Koskinen announced that criminals were able to use the IRS “Get Transcript” application to access approximately 104,000 tax returns. (An additional 100,000 or so attempts were unsuccessful.) From the Wall Street Journal:

Thieves used the information from prior years’ returns to help them file for fraudulent refunds, the IRS said.

The IRS said the matter is under review by the Treasury Inspector General for Tax Administration as well as the IRS’s Criminal Investigation unit. In addition, the agency said its “Get Transcript” application—which the identity thieves successfully penetrated—has been shut down temporarily.

The IRS said it would provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed. The IRS said it identified 200,000 attempts to access data and will notify all of these taxpayers about the incident.

The Hill has the number of returns accessed at 104,000.

That the Get Transcript application is insecure isn’t a surprise. Over one year ago I wrote:

Meanwhile, the Get a Transcript has its own problems. My partner attempted to use the service, but it could not verify either him or his wife as living where he’s lived for years. Second, the verification information relies on publicly available information for many. (It did for my partner, myself, and one other individual.) This is anything but a secure system. (I have sent a request to TIGTA noting the weakness of the system and requesting that they audit it. If TIGTA audits this, it’s unlikely we will hear anything for many months–probably not until 2015.) [emphasis in original]

Last year TIGTA responded to my request and stated that there were no issues with “Get Transcript.” I suspect they’ve changed their mind on that.

Meanwhile, I continue to have issues with IRS notices. Today I spoke with the Practitioner Priority Service (after being on hold for 1.5 hours) regarding a client where I have both a Tax Information Authorization (Form 8821) and a Power of Attorney (Form 2848), either of which should have had me copied on the notices. PPS confirmed that the POA and Tax Information Authorization were on file for the year in question. They could not explain to me why I didn’t receive any of the notices sent to my client.

One solution to the identity theft fiasco is the modest proposal on identity theft I made back in 2012. Instead, identity theft continues to balloon, while the IRS limits the tools available to tax professionals. Is it any wonder the IRS is so loved?

UPDATE: The IRS released a statement on the breach. Here are excerpts:

The IRS announced today that criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through IRS’ “Get Transcript” application. This data included Social Security information, date of birth and street address.

These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer. The matter is under review by the Treasury Inspector General for Tax Administration as well as the IRS’ Criminal Investigation unit, and the “Get Transcript” application has been shut down temporarily. The IRS will provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed. In total, the IRS has identified 200,000 total attempts to access data and will be notifying all of these taxpayers about the incident…

The IRS determined late last week that unusual activity had taken place on the application, which indicates that unauthorized third parties had access to some accounts on the transcript application. Following an initial review, it appears that access was gained to more than 100,000 accounts through the Get Transcript application.

In this sophisticated effort, third parties succeeded in clearing a multi-step authentication process that required prior personal knowledge about the taxpayer, including Social Security information, date of birth, tax filing status and street address before accessing IRS systems. The multi-layer process also requires an additional step, where applicants must correctly answer several personal identity verification questions that typically are only known by the taxpayer.

I question that the answers to these questions are only known by the taxpayer. The questions I was asked could be discovered through a search of public records. It would be time consuming but entirely possible for a stranger who had my social security number and date of birth to answer all the other verification questions.

“Give us a tax code that is simple enough for taxpayers to comply with and simple enough for the IRS to administer, and you’ll dramatically reduce fraud.”

Thursday, March 12th, 2015

It’s not brain surgery. Tom Giovanetti hits the nail squarely on the head in his op-ed in The Hill.

Mr. Giovanetti notes that keeping the voters happy is why fraud prevention hasn’t been a big issue. But it is now, when identity theft (which voters really dislike) is mixed into the fraud. Add in the IRS’s lackidaisical attitude in the past and you have a recipe for massive fraud.

It’s not as if the IRS didn’t know about the fraud.

A July 2012 TIGTA report noted that problems “had been brought to [IRS] management’s attention long ago” via a September 2002 report, but “management has failed to take sufficient action to address those deficiencies.”

For the IRS, it might be nice to shift priorities toward this and away from your Quixotic battle for regulating tax professionals (this year, the Annual Filing Season Program). Meanwhile, I’ve tried for three days to call the IRS Practitioner Priority Service only to hear, “We’re sorry, but due to extremely high call volumes on that particular subject you’re call cannot be answered at this time.”

It Was the Sisterly Thing To Do

Sunday, March 1st, 2015

Three Wisconsin sisters allegedly decided that tax fraud and identity theft should stay in the family. They’ve been accused of filing 2,000 phony returns by the Wisconsin Department of Revenue.

The Staten sisters (Sharon, Tawanda, and Angela) face 22, 28, and 40 felony charges respectively. It appears the investigation began when Angela and an alleged accomplice, Anthony Coleman, were arrested at a traffic stop in East Troy, Wisconsin. The police found a fake income tax return along with other related evidence and forwarded that information to the Department of Revenue.

As to the scheme itself, it appears to be identity theft on a fairly large scale. With the help of accomplices, the sisters used the names of prison inmates to allegedly file the phony returns. While the DOR did stop many of the returns from being processed, the sisters allegedly took the department for $234,390. It’s a certainty that if the Wisconsin allegations are true that they took the IRS for more than that. The returns appeared to have been filed mainly with TurboTax.

At least one of the sisters is in prison with bail being set at $10,000. It’s quite probable that if that traffic stop hadn’t happened the sisters (if the allegations are true) would still be trying to fleece Wisconsin and the IRS.

“Ripping Off Your Refunds” In the Miami Herald

Sunday, February 22nd, 2015

There is an excellent article in the Miami Herald on the identity theft tax fraud crisis. The epicenter of this is South Florida (as noted in the article). I don’t have much to add to the frustrations of victims with the IRS’s conduct in these cases. One quote:

“The IRS call center person acted as if we were the ones who had done something wrong.”

Old Fashioned Theft Leads to New Fashioned Identity Theft

Thursday, January 22nd, 2015

A case out of my old home town of Visalia, California lets us know that sometimes there’s just not much you can do to prevent yourself from being a victim of identity theft. Back in 2011 Rebekah Root either stole documents from an IRS office in Visalia or she obtained them. (The original announcement from the DOJ doesn’t make it clear which is the case.) She then proceeded to commit identity theft using those documents.

TIGTA (the Treasury Inspector General for Tax Administration) investigated the theft, and when they found out that the paperwork was used to file returns on those individuals IRS Criminal Investigation joined in finding the culprit. Ms. Root pleaded guilty last year to wire fraud, making a false claim for a tax refund, and aggravated identity theft. She received 45 months at ClubFed for the $50,000 in fraudulent tax refunds she had claimed.

FTC Sponsors Tax Identity Theft Awareness Week

Saturday, January 10th, 2015

Coincidentally (see the previous post), yesterday I received an email from Lisa Lake, Director of Consumer & Business Education of the Federal Trade Commission (FTC). She was highlighting the FTC’s Tax Identity Theft Awareness Week. Happily, this is not a how-to for individuals looking to commit identity theft; rather, it’s a campaign to raise awareness of how consumers can protect themselves from tax ID theft and IRS imposter scams.

Here’s what Ms. Lake wrote:

I thought Taxable Talk readers would like to know about Tax Identity Theft Awareness Week, an initiative led by the Federal Trade Commission taking place January 26-30, 2015.

Identity theft is the largest complaint category at the FTC and, within that category; tax identity theft has emerged as the largest subcategory. IRS imposter scams and similar ruses are a new twist targeting taxpayers. As of August 2014, Treasury Inspector General for Tax Administration (TIGTA) had received over 210,000 complaints with victims losing about $11 million to these scams. The Federal Trade Commission (FTC)’s Sentinel data also shows a significant spike with tens of thousands of these complaints in 2014.

IRS imposter schemes typically work like this:

• Someone calls or emails pretending to be from the IRS
• Scammers rig caller ID to make it look like IRS is calling (may have DC 202 area code)
• Scammers may know the last 4 digits of your SSN
• They may use fake IRS badge #s
• They ask people to wire money or put it on a money card
• Scammers may threaten arrest, deportation or loss of driver’s license
• Sometimes they make a follow-up call pretending to be from DMV or police, also rigging caller id

Your newspaper can help raise awareness about how consumers can protect themselves from tax ID theft and IRS imposter scams. The Federal Trade Commission’s (FTC) Tax Identity Theft Week website (ftc.gov/taxidtheft) provides your readers with tools to do that. We also want to let consumers know how to file a complaint with the FTC; we hope you share the complaint link www.ftc.gov/complaint and the toll-free number 1-877-FTC-HELP with your readers, as well.

Also, there will be a free webinar hosted by the FTC on during Tax Identity Theft on January 27, 2015, at 2pm EST. Consumers can visit ftc.gov/taxidtheft to register and get more information.

I’m all for anything that will put a bite into identity theft. Hopefully this will make a difference.

Tax Fraud on the Wholesale

Saturday, January 10th, 2015

Out of New York City comes allegations of wholesale tax fraud. Seven individuals were arrested on Thursday and charged with conspiracy to defraud the US, conspiracy to commit wire fraud, and aggravated identity theft. Some of the defendants were charged with subscribing to a false tax return. The allegations show a scheme that took inside information and allowed widespread tax fraud. Here’s how it supposedly worked.

One of the defendants worked for the New York City Human Resources Administration as a fraud investigator. He allegedly sold names, dates of birth, and social security numbers to the other members of the conspiracy. They allegedly used their tax practice in the Bronx to prepare thousands of returns with the Earned Income Tax Credit using the stolen identities. This gave individuals a higher refund…and allowed the conspirators to allegedly pocket some of the proceeds. The scheme supposedly ran from at least 2009 to 2014. The conspirators were quite brazen; they allegedly continued with their conspiracy even after search warrants were executed on their business. (Hint: That was not a good idea.)

The scheme intertwined two areas of tax fraud: The Earned Income Credit and identity theft. Both have been repeated topics on this blog.

If found guilty the defendants are looking at terms at ClubFed.

2014 Tax Offender of the Year

Wednesday, December 31st, 2014

It’s time again for that most prestigious of prestigious awards, the 2014 Tax Offender of the Year. The winner of this award must do more than just cheat on his or her taxes. It has to be special; it really needs to be a Bozo-like action or actions. Once again, there were plenty of nominees.

The Miccosukee tribe is still having its battles with the IRS. The tribe is exempt from taxes but its members are not. The tribe has refused to send financial documents to the IRS. The tribe appealed the most recent order that they do provide the data; a ruling is expected soon from the 11th Circuit Court of Appeals. If the tribe loses this round, the battle will likely be over.

Another nominee was John Koskinen. If that name sounds familiar to you, it should; he’s the IRS Commissioner. Mr. Koskinen testified to Congress that, “I’ve tried to tell you the truth every time I’ve been here.” I had a simple question for Mr. Koskinen: Why doesn’t that quote read I’ve told you the truth every time I’ve been here? The obfuscation by the IRS on the current scandal has led directly to the IRS’s budget being cut.

Charles Waldo received a nomination for allegedly emulating Steven Martinez. (Mr. Martinez won the 2012 Tax Offender of the Year award for hiring a hit man to eliminate witnesses against him in a tax fraud case.) Mr. Waldo was arrested on a 50-count indictment for insurance fraud, tax evasion, felony vandalism, and a high speed chase in California. While awaiting trial, Mr. Waldo allegedly hired a hit man to kill witnesses against him. He’s had ten additional counts added to his indictment. At this point, though, these are just allegations; we’ll have to wait until 2015 to see if Mr. Waldo can truly be nominated.

Finally, Rashia Wilson received a nomination. Ms. Wilson received 21 years at ClubFed for tax fraud. Now, she was indicted in 2012 and convicted in 2013. For those who don’t remember her, there’s this from the Tampa Bay Times:

“I’m Rashia, the queen of IRS tax fraud,” Wilson said May 22 on her Facebook page, according to investigators. “I’m a millionaire for the record. So if you think that indicting me will be easy, it won’t. I promise you. I won’t do no time, dumb b——.”

Ms. Wilson also posted this wonderful picture:

Rashia Wilson (Image Credit: Tampa Police Department)

In any case, Ms. Wilson, who now resides at a federal prison in Aliceville, Alabama, was ordered to pay $25 each quarter toward the $3.1 million in restitution she owes the IRS. She has asked a US District Court to suspend the payments because she is only making $5.25 each month and must buy vitamins and hygiene items. Ms. Wilson is a reminder to all that bragging about illegal activities on Facebook isn’t a brilliant idea.


Back in 2012 I wrote a post titled, “A Modest Proposal on Tax-Related Identity Theft.” The IRS admits that this is a huge issue. Unfortunately, the IRS is still mostly reactive rather than proactive on this front.

This year, I’ve decided to spotlight an identity thief as the Tax Offender of the Year. I deliberately chose this kind of tax offense because, as the IRS states, “We know identity theft is a frustrating process for victims.” I don’t know of any tax professional with a large practice who hasn’t seen a case of identity theft. My business partner’s late stepfather was a victim of identity theft when his social security number was published on the Social Security Death Index.

Identity theft causes trauma in a victim’s life, and this trauma can last years. The problems can be psychological and actual, impacting the mundane (purchasing), filing a tax return, buying property, and a victim’s self-esteem.

I had literally hundreds of identity thieves to choose from. I naturally chose someone who committed a huge fraud, and whose actions were egregious. For the record, a Google search of the Justice Department’s website looking for “identity theft” for just December 2014 found about 140 entries.

From Smyrna, Georgia comes the story of Mauricio Warner. Mr. Warner told individuals that you could receive a “stimulus payment” or “Free Government Money.” Instead, the over 5,000 victims had a tax return filed in their names. The tax returns contained false income amounts and refundable tax credits to generate the erroneous refunds. Of course, the refunds were direct deposited into bank accounts that Mr. Warner controlled.

Mr. Warner was indicted in April, 2013. He was accused of 16 counts of wire fraud, 16 counts of aggravated identity theft, 16 counts of filing false claims, and two counts of money laundering. He was tried earlier this year, and found guilty of all the charges. He was sentenced to 20 years at ClubFed and was ordered to make restitution of $5,041,869. Partial restitution has already occurred; the court ordered forfeiture of seven bank accounts that contained $4,185,455.31. (While there have been abuses of forfeiture, this is a case where it appears to be amply justified.) For the record, Mr. Warner has filed an appeal.

While the IRS continues to spend money on its quixotic goal of regulating all tax professionals, the plague of identity theft continues. Yes, the IRS is making strides and has implemented some ideas that will stop some of this scourge. But priorities at the IRS seem a little off to me: All of the money being directed into the IRS’s Annual Filing Season Program could be redirected into fighting identity theft.


One year I’m hopeful that I’ll write, “I could not find a deserving candidate for the Tax Offender of the Year.” Unfortunately, I suspect that I’ll have plenty to choose from in 2015, too.

That’s a wrap on 2014. I wish everyone a happy, healthy, and safe New Year.

Alabama Trying Pop Quizzes to Prevent Identity Theft Refunds

Sunday, November 9th, 2014

An AP Story notes that states are also trying to crack down on identity theft tax refunds. Alabama will be trying pop quizzes. No, not the pop quizzes you had in school but questions related to your identity (e.g. Did you live on Main Street?) that only you would know.

Individuals with unusual returns will receive a letter in the mail asking them to go to an Internet website (or call the Alabama Department of Revenue) so that they can take the quiz. Once returns ‘pass,’ the refunds will be processed. The system is provided by LexisNexis.

While the story does not note what would cause a return to be unusual, I suspect the Alabama Department of Revenue has implemented a version of my modest proposal on identity theft: If the return’s address (or bank account for direct deposit) doesn’t match the prior year’s return, the quiz is sent.

Kudos to the Alabama Department of Revenue for trying this. While the Alabama Department of Revenue noted that they stopped $18 million of identity theft-related refunds in 2012 (the 2013 total is not yet available), undoubtedly many were processed. This seems like a relatively simple process that should stop many identity theft-related refunds.

When Two Intelligent Individuals Reach the Opposite Conclusion…

Sunday, May 11th, 2014

…You know there’s a problem. Welcome to the brave new world of signature documents.

Jason Dinesen has a post where he believes that I am wrong about the conclusions I’ve drawn on signature documents. Jason might be right or I may be correct.

What’s a fax? Is it a handwritten signature document or an electronic signature document? What’s a scan of a handwritten signature document? Consider that many tax professionals now scan every document they receive; we don’t keep paper. IRS policies allow for the keeping of scanned documents (as long as there’s a system to track them and as long as you can print them). Let’s assume that the IRS audits us and wants copies of all the “handwritten” signature documents. We print them all out. How can the IRS tell which ones were scanned and which ones were handwritten in my office? Mind you, if the IRS tells me that scanned signature documents are electronic signature documents, I’ll note that.

Jason and I reached the opposite conclusion on what this new policy means. The only way to know for sure which of is right is for the IRS to issue guidance on the questions I asked in my original post. As Jason said, “But the fact that two smart tax pros like us can have different takes on this just drives home the fact that the IRS needs to clarify this.” On that I agree completely.