Tuesday, 24 February 2015

[WardFive] Fwd: taxgirl: Tax Professionals Targeted In Latest Bogus IRS Email Scam plus 1 more

FYI. It's the tax season, and the scammers and hackers are hard and FAST at work!

Theodora H. Brown

Begin forwarded message:

From: Taxgirl <noreply+feedproxy@google.com>
Date: February 24, 2015 at 7:02:05 AM EST
To: Thbrownlawyer@msn.com
Subject: taxgirl: Tax Professionals Targeted In Latest Bogus IRS Email Scam plus 1 more
Reply-To: Taxgirl <feed@taxgirl.com>


Tax Professionals Targeted In Latest Bogus IRS Email Scam

Posted: 23 Feb 2015 07:41 PM PST

It turns out that scammers aren't just targeting taxpayers: tax professionals are on their radars, too.

The Internal Revenue Service (IRS) has warned tax professionals to use caution after reports of bogus emails started making the rounds. In the latest scheme, tax professionals are sent a bogus email with instructions to update their IRS e-services portal information and Electronic Filing Identification Numbers (EFINs) by clicking links. In actuality, the links appear to be part of a phishing scheme designed to capture your username and password.

To be clear, the IRS is not sending out this email: it is not generated by the IRS e-services program. The IRS encourages tax professionals who receive the bogus email to ignore it: do not click on the links. If you want to report the email, you can do so by sending it to phishing@irs.gov.

IRS Commissioner John Koskinen reminded taxpayers to "be wary of clicking on strange emails and websites" this season. And yes, that includes tax professionals, too.


What If Tax Refund Theft Isn't Really About Refund Theft?

Posted: 23 Feb 2015 04:40 AM PST

Jim* (not his real name) knows all about the importance of having a secure password for his financial accounts. It's what he does for a living. He does security work and has spent a lot of his professional life learning how to avoid a hack.

So when he signed in to his TurboTax account last week, he was more than a little bit surprised to find that Intuit's system said that he had already filed a tax return. He had not yet filed but he was looking forward to doing so: this year, he expected a sizable refund. The idea that he had already filed must be, he thought, an error. He dialed up TurboTax to find out what had happened.

TurboTax, he says, spent a lot of time reminding him about the importance of a secure password – information that Jim didn't really need. He ended up spending 3-4 hours on the phone with TurboTax, answering questions and trying to find out what he needed to do next. TurboTax didn't seem to have any answers for him but they did have an important question: did you have insurance through Anthem?

Jim did. He was insured through a Blue Cross/Blue Shield account affiliated with Anthem. The successful hack at Anthem affected potentially 80 million Anthem customers, including accounts associated with Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. It has been called the largest successful hack on an insurer – and possibly in the health care industry.

Medical offices, pharmaceutical companies and health insurance providers have long been a target for identity thieves. And those thieves don't care about your health records but about the enormous amount of other data – names, addresses, Social Security numbers, employers and the like – that you easily offer up in the name of health care. As law enforcement told me in 2013, that data is matched to other data. Suddenly, you're no longer just a random patient named Jane Smith. You're Jane Smith, SSN 123-45-6789, born on January 1, 1970. You work at ABC Chemicals and you live at 123 Elm Street, Anytown, USA 12345. Your spouse's name is William. You own your own home and a Subaru Outback. You have a dog named Asta that you take on trips to your favorite vacation spot in the Adirondacks. You were born in Virginia. You went to Penn State for college and New York University for graduate school. That data – especially once it's been matched – is incredibly valuable.

Over the years, security experts – and the IRS – have been noting and warning that the health care industry could be vulnerable. Patterns of smaller hacks, probably instituted by criminal rings, have benefited from stolen data, usually orchestrated using someone on the inside.

But that's likely not what happened here. In the case of Anthem, the hack was massive. Potentially 80 million customers had their data compromised, prompting the state of Connecticut to warn taxpayers that it might be to their advantage to file their taxes early.

That, security experts say, isn't the work of a small-time hack. It's not folks working out of a van with stolen laptops or a teenage kid in a basement. It's bigger. It's been suggested that the hack could be related to an international crime group or perhaps even an international government. I spoke with experts in tech and security arenas – who, like Jim, wished to remain anonymous – and they've suggested that they would not be surprised to find that the hacks were orchestrated by the Chinese government. IP addresses from China have been linked to the Anthem hack, though neither the FBI nor Anthem has been willing to confirm the details.

It's also been suggested that Chinese or possibly Russian sources were involved in security breaches affecting TurboTax users. For its part, TurboTax has consistently maintained that it was not a victim of a breach. They also deny that the FBI has made them a target of investigations relating to a data breach. Instead, they maintain that affected taxpayers had their data stolen elsewhere; while TurboTax has not publicly linked Anthem to taxpayer problems, that's exactly what Jim says they told him.

Jim's situation was, however, a little bit different than what was plaguing other taxpayers at the time. Jim wasn't worried about his state tax refund, where most of the fraud seemed to be targeted. He was worried about his federal refund. He had been somewhat assured by the fact that most of the TurboTax-related refund thefts making news were for state returns. Maybe, he thought, his federal refund was safe.

It wasn't. Jim called IRS and found out that "his" refund had already been issued. The refund had been loaded onto a GreenDot debit card issued out of state. If you feel like you've heard GreenDot linked to IRS before now, you're right: the widely pervasive IRS phone scam making the rounds for the past couple of years has also involved GreenDot cards. In those cases, taxpayers were pressed into divulging bank information and loading money onto GreenDot MoneyPak cards to pay off alleged tax liabilities. GreenDot has also been in the news this tax season as a partner with Walmart through its Tax Products Group (TPG) to offer Walmart's new Direct2Cash program. GreenDot has been making inroads into the tax refund market for quite some time now – they even tout how you can get your tax refund on a debit card "faster than a paper check" by visiting their web site. Those debit cards are a double-edged sword: since they're easy to redeem and use, they're convenient for taxpayers but also a target for scammers who have successfully stolen millions of dollars.

While it's true that identity theft is big business, stealing tax refunds debit card by debit card is tedious work especially if it requires filing returns in a number of individual states. Anecdotally, the thieves didn't appear to make any real headway on the federal side; IRS has indicated that they have not seen any increase in identity theft linked to TurboTax (perhaps, as they suggest, because they have tougher security screens). Jim is the first taxpayer with ties to both TurboTax and Anthem I've spoken with who was able to link the use of the two to a problem with his federal return.

Still, it felt very piecemeal. I asked Jim about it.

He agreed that targeting state refunds feels like small potatoes in the grand scheme of things. And the scope of this latest hack, Jim surmises, is big. And the target is even bigger – especially if the target was actually IRS. It's ballsy to try and cheat the feds using stolen data from a breach already made public. If he had to guess, he told me, based on his past work experience, he would not be surprised to learn that these efforts were well-coordinated. Perhaps, he said, it's Chinese or Russian hacks.

That was confusing. Jim's thoughts about the source echoed what I had read and been told by other software and security experts. But it made no sense. So I asked some more questions. The answers led me to wonder about the real target in all of this mess: Maybe it's possible that these hackers didn't really want your tax refund after all. Maybe they wanted something more.

Maybe collecting data – including usernames and passwords used to file tax returns and other secure data – is a step towards hacking into systems at other companies. Maybe the Anthem breach was a chance to take a stab at attacking financial institutions (like this "great bank heist"), security organizations or quite possibly, government agencies. Maybe the data that was used to access those 2014 returns – most likely, 2013 data – was actually gleaned from TurboTax's site not by a proper breach but by logging in using data from another source. Maybe those hackers are trying to figure out how far that data will take them… That's a lot of maybes but, I was told, not quite so fantastic.

The FBI is currently investigating the TurboTax hack but isn't saying much. In fact, considering the scope of the Anthem hack and the state tax refund thefts, together affecting tens of millions of taxpayers, there's not been much information made public. For their part, Anthem, Intuit and the state tax agencies have offered little information or advice about the hacks beyond suggesting that you change your passwords.

It may well be that we won't know what exactly happened – or specifically what the hackers were targeting – but what we do know is that whoever is responsible works fast. The turnaround time from stealing data (from Anthem) to stealing resources (assuming that stolen data was used to steal refunds) was remarkably quick.

As for Jim? His own turnaround won't be so quick. The IRS has told him that the time frame for recovering his refund could be as much as 180 days.
