tax refund fraud – Page 2 – Computer Security Articles

Name+DOB+SSN=FAFSA Data Gold Mine

November 24, 2017 admin FAFSA, irs, tax refund fraud

Credit to Author: BrianKrebs| Date: Fri, 24 Nov 2017 12:55:03 +0000

KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most eye-opening example of this is on display at fafsa.ed.gov, the Web site set up by the U.S. Department of Education for anyone interested in applying for federal student financial aid.

Independent Krebs

Private Eye Allegedly Used Leaky Goverment Tool in Bid to Find Tax Data on Trump

May 22, 2017 admin AGI, Averlock Investigations, Diverseeducation.com, Donald J. Trump, FAFSA, irs, Jamaal Abdul-Alim, Other, S. Gina Garza, tax refund fraud, Timothy P. Camus, U.S. Attorney J. Walter Green

Credit to Author: BrianKrebs| Date: Mon, 22 May 2017 20:11:27 +0000

In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator is being charged with using the same online tool to glean tax data on then-presidential candidate Donald J. Trump. A story today at Diverseeducation.com points to court filings in the U.S. District Court for the Middle District of Louisiana, in which local private eye Jordan Hamlett is accused by federal prosecutors of abusing an automated tool at the U.S. Department of Education website that is designed to make it easier for families to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.

Independent Krebs

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

May 18, 2017 admin avivah litan, Equifax, Gartner Inc., ICSI, Identity Theft, International Computer Science Institute, knowledge-based authentication, Nicholas A. Oldham, Nicholas Weaver, Other, TALX, tax refund fraud, two-factor authentication

Credit to Author: BrianKrebs| Date: Thu, 18 May 2017 20:23:13 +0000

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017. Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.

Independent Krebs

Phishing 101 at the School of Hard Knocks

March 24, 2017 admin 2fa, BGSU, Bowling Green State University, irs, Matt Haschak, multi-factor authentication, Other, phishing, tax refund fraud, two-factor authentication

Credit to Author: BrianKrebs| Date: Fri, 24 Mar 2017 16:03:21 +0000

A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-half months of this year than it saw in all of 2015.

Independent Krebs

Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam

March 17, 2017 admin Accenture, data loss prevention, Defense Point Security, DLP, George McKenzie, IP PIN, Other, security freeze, tax refund fraud, U.S. Immigration and Customs Enforcement, w-2 phishing

Credit to Author: BrianKrebs| Date: Fri, 17 Mar 2017 22:02:02 +0000

Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. On Thursday, March 16, the CEO of Defense Point Security, LLP — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.

Independent Krebs

IRS: Scam Blends CEO Fraud, W-2 Phishing

February 2, 2017 admin ceo fraud, FBI, FTC, irs, John Koskinen, Other, tax refund fraud, tax return fraud, W-2 fraud, w-2 phishing

Most regular readers here are familiar with CEO fraud — e-mail scams in which the attacker spoofs the boss and tricks an employee at the organization into wiring funds to the fraudster. Loyal readers also have heard an earful about W-2 phishing, in which crooks impersonate the boss and request a copy of all employee tax forms. According to a new “urgent alert” issued by the U.S. Internal Revenue Service, scammers are now combining both schemes and targeting a far broader range of organizations than ever before.

Independent Krebs

Shopping for W2s, Tax Data on the Dark Web

January 31, 2017 admin Federal Trade Commission, Kirai Restaurant Group, Kirsta Grauberger, Other, seagate technology, Sunrun, tax refund fraud, The Payroll Professionals, W-2 fraud

The 2016 tax season is now in full swing in the United States, which means scammers are once again assembling vast dossiers of personal data and preparing to file fraudulent tax refund requests on behalf of millions of Americans. But for those lazy identity thieves who can’t be bothered to phish or steal the needed data, there is now another option: Buying stolen W-2 tax forms from other crooks who have phished the documents wholesale from corporations.