Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

ThreatMetrix Tax Tips to Avoid Losing Your Identity and Uncle Sam’s Taxes to the Cyberthieves Who Stole Close to $4 Billion Last Year.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

More than 125 million tax returns were filed online last year, almost double the year before. How would you guess 93 percent of the fraudulent returns were filed? Online. And yes, that was a rhetorical question.

“The technology surrounding tax returns has advanced to provide a quicker and easier filing process for taxpayers, but such technology can offer additional opportunities for cybercriminals to steal identities,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “However, the risks associated with tax e-filing can be mitigated through comprehensive cybersecurity strategies. Specifically, businesses and government agencies must implement anonymized sharing of trusted identity intelligence without compromising personal identities and privacy.”

Cybercriminals have come up with any number of strategies for ripping off the taxpayer and the tax system including:

• Filing Fraudulent Returns – Cybercriminals file fraudulent tax returns for children, adults who don’t earn enough to require returns and even dead people. A 2013 report by the Treasury Inspector General found the Internal Revenue Service (IRS) gave away nearly $4 billion in fraudulent tax refunds the previous year. Many consumers filing tax returns find out that someone else illegally filed a return in their name. Cybercriminals often get returns on pre-paid cards which are then turned into cash. Legitimate taxpayers are left holding the bag. They’re the ones who are forced to deal with IRS, re-file correct returns and make sure their data and identity are being used for other frauds.

• Stealing Identities – After legitimate users file their returns online, cybercriminals can sometimes hack the system and steal the personal information found in a return including names, bank accounts and social security numbers. In the first half of 2013 alone, 1.6 million taxpayers were affected by identity theft.

• Using Social Networks to Steal Personal Information – Now cybercriminals are turning to social networks to identify potential targets and collect the type of information they need to complete returns. What they look for includes the user’s number of children, marital status and employer. That way the crooks can claim the correct number of dependents and estimate a believable annual salary.

The launch of a new IRS mobile app this year poses additional risks for tax return fraud. The app provides information on a user’s refund status and tax records, as well as a portal that allows taxpayers to download their returns since 2009. Despite the convenience factor for consumers, these tools make it easier for cybercriminals to illegally obtain more personally identifiable information than was previously available.

“It’s essential for consumers to use caution when filing returns online and avoid publicly sharing personally identifiable information, but it’s up to governmental agencies and private industries to collaborate on sharing data that can be used to prevent cybercrime,” said Faulkner. “Private industries have begun to adopt more sophisticated screening procedures, and government agencies such as the IRS need to follow suit with a layered approach including advanced fraud prevention and context-based security to effectively prevent cybercrime associated with online tax returns.”

In February 2013, President Obama signed an Executive Order on Improving Critical Infrastructure Cybersecurity, which mandated an update of the current cybersecurity framework. In February 2014, the National Institute of Standards and Technology updated the framework with voluntary guidelines for the government and private sector to address and manage cybersecurity risks, such as the increased risks of tax e-filing. A key takeaway is the need for a collective and orchestrated response to threats facing the nation’s infrastructure and mission-critical applications.

To make electronic filing safer, ThreatMetrix urges the government and private industry share relevant anonymized intelligence in real time via a shared network — without compromising taxpayer privacy. This combined intelligence effort can dramatically reduce the amount of tax revenue lost to fraud and identity theft this tax season.

For more information and an infographic about the above information, visit

By ThreatMetrix Posted