ThreatMetrix Tax Tips to Avoid Losing Your Identity and Uncle Sam’s Taxes to the Cyberthieves Who Stole Close to $4 Billion Last Year.

Posted on March 10th, 2014 by Dan Rampe


More than 125 million tax returns were filed online last year, almost double the year before. How would you guess 93 percent of the fraudulent returns were filed? Online. And yes, that was a rhetorical question.

“The technology surrounding tax returns has advanced to provide a quicker and easier filing process for taxpayers, but such technology can offer additional opportunities for cybercriminals to steal identities,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “However, the risks associated with tax e-filing can be mitigated through comprehensive cybersecurity strategies. Specifically, businesses and government agencies must implement anonymized sharing of trusted identity intelligence without compromising personal identities and privacy.”

Cybercriminals have come up with any number of strategies for ripping off the taxpayer and the tax system including:

• Filing Fraudulent Returns – Cybercriminals file fraudulent tax returns for children, adults who don’t earn enough to require returns and even dead people. A 2013 report by the Treasury Inspector General found the Internal Revenue Service (IRS) gave away nearly $4 billion in fraudulent tax refunds the previous year. Many consumers filing tax returns find out that someone else illegally filed a return in their name. Cybercriminals often get returns on pre-paid cards which are then turned into cash. Legitimate taxpayers are left holding the bag. They’re the ones who are forced to deal with the IRS, re-file correct returns and make sure their data and identity are not being used for other frauds.

• Stealing Identities – After legitimate users file their returns online, cybercriminals can sometimes hack the system and steal the personal information found in a return including names, bank accounts and social security numbers. In the first half of 2013 alone, 1.6 million taxpayers were affected by identity theft.

• Using Social Networks to Steal Personal Information – Now cybercriminals are turning to social networks to identify potential targets and collect the type of information they need to complete returns. What they look for includes the user’s number of children, marital status and employer. That way the crooks can claim the correct number of dependents and estimate a believable annual salary.

The launch of a new IRS mobile app this year poses additional risks for tax return fraud. The app provides information on a user’s refund status and tax records, as well as a portal that allows taxpayers to download their returns since 2009. Despite the convenience factor for consumers, these tools make it easier for cybercriminals to illegally obtain more personally identifiable information than was previously available.

“It’s essential for consumers to use caution when filing returns online and avoid publicly sharing personally identifiable information, but it’s up to governmental agencies and private industries to collaborate on sharing data that can be used to prevent cybercrime,” said Faulkner. “Private industries have begun to adopt more sophisticated screening procedures, and government agencies such as the IRS need to follow suit with a layered approach including advanced fraud prevention and context-based security to effectively prevent cybercrime associated with online tax returns.”

In February 2013, President Obama signed an Executive Order on Improving Critical Infrastructure Cybersecurity, which mandated an update of the current cybersecurity framework. In February 2014, the National Institute of Standards and Technology updated the framework with voluntary guidelines for the government and private sector to address and manage cybersecurity risks, such as the increased risks of tax e-filing. A key takeaway is the need for a collective and orchestrated response to threats facing the nation’s infrastructure and mission-critical applications.

To make electronic filing safer, ThreatMetrix urges the government and private industry to share relevant anonymized intelligence in real time via a shared network — without compromising taxpayer privacy. This combined intelligence effort can dramatically reduce the amount of tax revenue lost to fraud and identity theft this tax season.

For more information and an infographic about the above information, visit

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.


Cybercrime Poses Severe Risk to Nation’s Critical Infrastructure

Posted on October 29th, 2013 by Dan Rampe

Continuing its Alignment to National Cyber Security Awareness Month, ThreatMetrix Outlines Preventative Measures to Protect Critical Infrastructure



San Jose, Calif. – October 29, 2013 – ThreatMetrix™, the fastest-growing provider of integrated cybercrime solutions, continues its commitment to National Cyber Security Awareness Month by aligning to the week five theme, “Critical Infrastructure and Cybercrime.” As the nation’s critical infrastructure operations – including water and power utilities – increasingly move online, they are at risk of cyber attacks every day.

According to the Department of Homeland Security, American water and power utilities are under daily cyber attacks. Since critical infrastructure systems have only recently transitioned online, advanced cybercrime prevention measures have not yet been fully developed to stay ahead of these sophisticated cyber attacks.

“Anywhere critical infrastructure is linked to the Internet, there is inevitably a high risk for cybercrime and businesses and government agencies need to step up their game to protect against such risks,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “Based on the number of attacks occurring on a daily basis, it appears those responsible for protecting critical infrastructure are already behind on developing preventative strategies and this needs to change immediately.”

Steps to Mitigate Critical Infrastructure Risks

The cybercrime threat to critical infrastructure has recently become so severe that President Obama signed an Executive Order on Improving Critical Infrastructure Cybersecurity. Through the Executive Order, the Obama Administration urges critical infrastructure to meet the standards and procedures necessary to address cyber risks, including updating the cybersecurity framework to defeat sophisticated cybercriminals. An initial draft of the framework was just released this month and complements October’s designation as National Cyber Security Awareness Month.

While the framework outlined in President Obama’s Executive Order is valid, one should not forget that there are some straightforward technologies that can be put into place, many of which have been proven in other areas for years.

Avoid relying entirely on the Internet – Connecting all critical infrastructure to the Internet can be detrimental in terms of cybercrime risk. Rather, those responsible for infrastructure must implement careful network segmentation and controls to determine the level of power, water and other utilities that should be housed online.

Add contextual authentication – Critical infrastructure should have a higher level of authentication than other online identities each time an authorized user logs into the system – including added passwords, security questions and more. This decreases the chances of cybercriminals developing strategies to infiltrate critical infrastructure systems.

Examine each and every transaction for signs of risk – Using a network of prior transactions, logins and personas such as the ThreatMetrix™ Global Trust Intelligence Network (The Network), businesses and government agencies can determine the level of risk for each transaction accessing critical infrastructure. Risky behavior may include a user connecting from a disguised location using a virtual private network (VPN), accessing information via a compromised device or logging into one account from several devices.

Following the release of The Network earlier this year, ThreatMetrix has added features that address the challenge of determining risk and suspicious behavior. One of the updates, PersonaID, provides insight into interconnections between devices and entities such as the devices from which an account login has been accessed. The other update, TrustTags, enables businesses to either positively or negatively mark transactions, personas and logins for risk so the next time a user returns, the business knows whether it has been identified yet.

“Trust Tags offer the only solution that enables businesses to effectively ‘tag’ bad actors while reducing friction and additional authentication for authentic returning users and devices,” said Baumhof. “Having a repository of bad actors can help government agencies assure those transactions are rejected from accessing critical government infrastructure.”

As businesses and government agencies continue to develop and implement a broad framework protecting critical infrastructure, putting cybercrime prevention measures in place can protect infrastructure from cyber attacks that compromise water, power and other critical facilities. Aligning with the week five theme of National Cyber Security Awareness Month – “Critical Infrastructure and Cybercrime” – ThreatMetrix continues its commitment to developing advanced technology that protects against cybercrime.

For more information on National Cyber Security Awareness Month, visit: or

About ThreatMetrix

ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit or call 1-408-200-5755.


© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
Tel: 408-200-5716

Tory Patrick
WalkerSands Communications
Tel: 312-533-9823