19
Feb 18

IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.”

In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They’ll call taxpayers who’ve had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency.

This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had “a good number of customers” who had large sums deposited into their bank accounts at the same time.

Dodd said the bank customers received hefty deposits into their accounts from the U.S. Treasury, and shortly thereafter were contacted by phone by someone claiming to be a collections agent for a firm calling itself DebtCredit and using the Web site name debtcredit[dot]us.

“We’re having customers getting refunds they have not applied for,” Dodd said, noting that the transfers were traced back to a local tax preparer who’d apparently gotten phished or hacked. Those banks are now working with affected customers to close the accounts and open new ones, Dodd said. “If the crooks have breached a tax preparer and can send money to the client, they can sure enough pull money out of those accounts, too.”

Several of the Oklahoma bank’s clients received customized notices from a phony company claiming to be a collections agency hired by the IRS.

The domain debtcredit[dot]us hasn’t been active for some time, but an exact copy of the site to which the bank’s clients were referred by the phony collection agency can be found at jcdebt[dot]com — a domain that was registered less than a month ago. The site purports to be associated with a company in New Jersey called Debt & Credit Consulting Services, but according to a record (PDF) retrieved from the New Jersey Secretary of State’s office, that company’s business license was revoked in 2010.

“You may be puzzled by an erroneous payment from the Internal Revenue Service but in fact it is quite an ordinary situation,” reads the HTML page shared with people who received the fraudulent IRS refunds. It includes a video explaining the matter, and references a case number, the amount and date of the transaction, and provides a list of personal “data reported by the IRS,” including the recipient’s name, Social Security Number (SSN), address, bank name, bank routing number and account number.

All of these details no doubt are included to make the scheme look official; most recipients will never suspect that they received the bank transfer because their accounting firm got hacked.

The scammers even supposedly assign the recipients an individual “appointed debt collector,” complete with a picture of the employee, her name, telephone number and email address. However, the emails to the domain used in the email address from the screenshot above (debtcredit[dot]com) bounced, and no one answers at the provided telephone number.

Along with the Web page listing the recipient’s personal and bank account information, each recipient is given a “transaction error correction letter” with IRS letterhead (see image below) that includes many of the same personal and financial details on the HTML page. It also gives the recipient instructions on the account number, ACH routing and wire number to which the wayward funds are to be wired.

A phony letter from the IRS instructing recipients on how and where to wire the money that was deposited into their bank account as a result of a fraudulent tax refund request filed in their name.

Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.

On Feb. 2, 2018, the IRS issued a warning to tax preparers, urging them to step up their security in light of increased attacks. On Feb. 13, the IRS warned that phony refunds through hacked tax preparation accounts are a “quickly growing scam.”

“Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions,” the agency noted in the Feb. 2 alert. “Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves rather than the real taxpayers.”

The IRS says taxpayer who receive fraudulent transfers from the IRS should contact their financial institution, as the account may need to be closed (because the account details are clearly in the hands of cybercriminals). Taxpayers receiving erroneous refunds also should consider contacting their tax preparers immediately.

If you go to file your taxes electronically this year and the return is rejected, it may mean fraudsters have beat you to it. The IRS advises taxpayers in this situation to follow the steps outlined in the Taxpayer Guide to Identity Theft. Those unable to file electronically should mail a paper tax return along with Form 14039 (PDF) — the Identity Theft Affidavit — stating they were victims of a tax preparer data breach.

Tags: , , , , , , ,

65 comments

  1. never believe a debt collector…

    hang up. dont answer. dont respond.

    they wont come for you.

    • Hello I was just reading the comments and you said don’t believe a debt collector well a couple of months ago this man told me that he was calling about a account I had with well Fargo I had back in 2015 and the account was sent to his office i owed 950 dollars and that if I didn’t pay I will half to go to court so I made a payment plan with this man he sent papers to my house but I never signed it so every month this office take 50 dollars off my card unroll I pay them off but I said I was going to go to the bank to see if i can just pay them in person I don’t know cause it’s with this man in collections

      • Unfortunately you cannot trust Wells Fargo to do anything right, hence all the law suits, stories of mismanagement and inability to follow banking regulations.

      • If they have called you, give them the number of your attorney, and tell them to contact their office. Don’t do it yourself!

      • Never, ever believe a ‘debt collector’ over the phone. If you owed anyone money, you would have received something by mail.

        If someone calls you and you haven’t received anything in the mail, it is most certainly fraud. If you have received something in the mail, follow up with your attorney and/or double check the dates on the debt.

        Never, ever agree to start paying on a debt until you see how old it is and until you see the actual proof of the debt.

      • Stop paying them. I used to be a bill collected and 90 percent of the time it is fraud

      • You need to contact WellsFargo right away so that you can get all of your money back. If in fact you do owe Wells Fargo, you can still go to them and work something out. I think you are being scammed.

      • Never give your debit card to a debt collector! I’ve got old medical bills that I get called on all the time. I tell them to send me the papers via snail mail and I’ll look at them when I have free time.

  2. I’m not sure if this will reach the apporate party. Yet I’m taking a chance on submitting a comment. I’ve submitted a series of 14039 forms to IRS reporting fraud/theft of my identity. Nothing is being done by them. Someone added a address to my Equifax credit report for Michigan and I have never lived there. All of my former employers have been deleted from my credit report. Yet Social Security Administration have all of my history. W Bart & Company amended & restated all of my benefits,IRS will not investigated. W M Barr did not report my history to TN Department of Labor. Their bye date,their TN tax identification number on my W-2’s from 2002-2009. First Tennessee Bank transferred my loan on my home in 2008 and didn’t notify me or the wage earner courts. Payments was made using six digit checks. I never had a business,wire pmts was made also. The property is located at 3873 Briar Place Memphis Tennessee 38115. The courts have my history showing pmts was made by me outside the courts while I was under wage earner. There is a tax identification number in the courts that doesn’t belong to me. Yet tax returns was filed using my personal information. As I’ve mentioned I am not sure if anyone will look into this matter. In 2009 First Tennessee Bank transferred my loan once again without notifying me or the courts. The loan was transferred to U S Bank Home Mortgage. The Crittenden Family members was stealing my mail through the United States Postal Service and through the internet. They stole my driver’s license and social security number. The FBI told me it was a inside job and told me to pull my tax transcripts. They were correct,this is how I learned of all of the fraudulent activity.

    • Evalyn, you should have not used your real name for your posting here or anywhere for that matter. You should be more anonymous on the web. Especially if you have already been attacked. I could easily see where you live and your birth date online.

    • Evalyn,
      You need to initiate a fraud alert on all 3 of your credit bureaus. Take that copy of your tax scripts and file a police report. Have that report added to your credit files. Send a copy of both the tax script and the police report and send it. to the IRS for them to attach it to,you SS# in their system. Never ever do any kind of business over the phone as far as IRS or debt collectors, you ALWAYS. have it in writing to,legitimize your claim of,dead or identity theft., I feel badly for you as I’ve had it happen to me and it took me 5 yrs to finally get the mess cleared up but it can be done,with patience and diligence. Wishing you the best of luck.

    • BRIAN!!!! can you remove this lady’s ***** address and last name ****** from this post. THIS IS INSANE!!!

    • Evalyn… you’ve got everything here a scammer needs… but you forgot your mother’s maiden name and your social ! WTF?

  3. Wow this is something that should be corrected by the ach

    • The taxpayers have their erroneous refunds returned to the IRS via ACH, as instructed by the IRS, then the IRS sends them a paper check for the erroneous refund. Then the taxpayers had to send the money back again!

  4. Are they trying to put the blame on us taxpayers?

  5. The bigger scam after the IRS is the International “Jewish” Banking System. No investigations are allowed.

  6. Identity theft is out of control, we need a new system of protecting citizens. Once your ss# has been compromised there’s a never ending battle of fighting to protect your identity. We need to abolish this system or require a yearly updated pin in addition to providing our socials to prove identity. The technology of hacking have certainly made this form of identity obsolete. Every company seems to get hacked these days including some of the largest corporations with sophisticated security measures.

    • There are lots of companies that haven’t been hacked. I doubt you have any idea which company has good security and which doesn’t. Now why do you suppose that is? It’s pretty simple. It’s because some companies don’t seem to give a damn about security and some do or the ones that do and get hacked, come to find out their security wasn’t good enough.

      I’m not a security person, nor am I a networker, but based on certain companies, who continue to not get hacked, there is evidence that some companies DO know what they’re doing and that’s why they haven’t been hacked.

      • Henry,

        Bravo! You’ve got it exactly right that many companies do a great job, and many a lousy job. You’re right too that we have no way knowing easily.

        Typically bad news travel the fastest and widest – the media seems to be allergic to good stories, where the good guys defeat the bad the guys.

        But technologies are available now to tell them apart. Stay tuned!

      • “I’m not a security person, nor am I a networker, but based on certain companies, who continue to not get hacked, there is evidence that some companies DO know what they’re doing and that’s why they haven’t been hacked.”

        As someone who worked with a team of security professionals, virtually EVERY company has been hacked in one way or another. The better protected companies do more to prevent widespread loss of data, however. (Or they’ve simply remained lucky.)

    • Hillo it would be nice to have a new system to control the identity thieft .however even were going to havethe most powerful system in this word to control the identity thieft nothing will change or to stop the thieft since this is for sure had something to do with inside job to operate the system or behind on this.

  7. very clever guys, they had good ways to make money.
    my respect !! 10 points for fraudsters !
    masterminds

  8. The sentence that most struck me was: “If the crooks have breached a tax preparer and can send money to the client, they can sure enough pull money out of those accounts, too.”

    Am I the only one who thinks this is unacceptable? That there is no difference in security between being able to give someone money, and being able to take money from someone?

    This is to me one of the fundamentally baffling things about the American banking system: that anyone who knows my account number can take money out of it. It is because the American system is fundamentally backwards. The way any payment works is that instead of me telling my bank to pay the company, I basically tell the company to grab the money from my bank account, and the bank just has to assume that the company was actually authorized.

    How can such a 19th-century system (based on hand-written checks) survive into the 21st century?

    • That line is misleading.

      It is true that depositing money into an account is easy.
      All that is required is an account number to deposit it.
      I have transferred money into friends accounts using only their name and account number.

      Withdrawing money from an account requires identification or deception.

      • At a bank, maybe.

        But generally direct-deposit is two-way.

        If I’m your employer, and you sign up for direct deposit, you give me enough info for me to directly add funds to your account (and authorization to make transactions to your account).

        But what happens when I accidentally give you the wrong amount?
        I just make a reversed transfer.

        The banks expect this to happen, and they allow it.

        There may be places where this isn’t the way things work, but afaik, this is the standard operating procedure.

        • Sorry, but it doesn’t quite work that way.

          If they reverse a transfer, then they reverse the transfer. They’re not submitting a debit request or transfer request; they’re stating to the original institution that a specific transfer was in error. The receiving bank then backs that transfer out and sends it back to the same bank / account that it came from.

          As others have stated, getting money out of your account requires a con of some sort (e.g. impersonation, account takeover through hacking or “social engineering”, etc).

          This is one of the reasons why multi-factor authentication is so important.

  9. Ah, tis the season for tax scams.

  10. never threaten oh
    thats why i owe
    need to find whos
    stealing and putting
    down wrong
    information irs
    need to investigate
    how some owe.

  11. But the IRS would never use a debt collector to collect mistaken tax refunds. Debt collectors buy debt for pennies on the dollar. The IRS would just reverse the direct deposit.

    Why would people fall for this?

    • While this should be absolutely true, it isn’t.

      Private Debt Collection [1] 2015:
      The new program, authorized under a federal law enacted by Congress, enables these designated contractors to collect, on the government’s behalf, outstanding inactive tax receivables. Authorized under a federal law enacted by Congress in December 2015, Section 32102 of the Fixing America’s Surface Transportation Act (FAST Act) requires the IRS to use private collection agencies for the collection of outstanding inactive tax receivables.

      There’s a nice article that reports that this act actually was a money *loser* for the IRS (they paid more to the private debt collectors than they took in), but I can’t find that atm.

      Note: this (and most other things) is entirely Congress’s fault. It’s a congressional mandate. And when it was proposed, newspapers reported on it and warned that fraud like this would happen.

      [1] https://www.irs.gov/businesses/small-businesses-self-employed/private-debt-collection

      • Note the applicable section, though: “… outstanding inactive tax receivables.”

        The OP was correct that the IRS would simply have the transfer reversed if it was recent. The scam artists contact people shortly after the refund has been sent precisely so that they can keep the taxpayer from questioning the deposit and contacting the IRS.

        Admittedly, the IRS doesn’t make contacting them by phone easy, but that’s partially because their budget has been starved for years and they’ve had a hiring freeze for about 10 years (IIRC).

  12. Yep, tis the season!

  13. The IRS sends letters in duplicate and if money is owed, they send certified letters. Never a phone call asking you to send money. If someone calls and asks me to verify by name, date of birth and ssn, I never do. My comment is, you called me so you should already have that info. They always hang up.

    • “If someone calls and asks me to verify by name, date of birth and ssn, I never do”

      I dont see that as productive. Seems better to give them fake info to chew on. Maybe they will get caught using it or just waste their time.

  14. When some scammer call asking you to verify info – just say wait a minute, get your boat horn, and blow loudly into the phone . Bet they won’t call back.

  15. Professional Tax Preparer

    I get the fear – a place with your personal data may actually lose it to data theft in some form or way.

    This fear should be applied at all work places, payroll departments, health offices and health insurance firms, the DMV, your children’s schools and so on.

    My university lost control of my data and it was used to make a lot of false accounts and a tax return. That was 13 years ago and nothing terrible happened. All fraudulent debts and stuff were immediately wiped from my record.

    What seemed terrible at first became liberating. B/c my data is out there, I have less risk of being defrauded again. The only thing I experience is an extra call and a quick chat with a bank rep before I go for new credit cards. The IRS sends me a letter with a special pin to include on my tax return each year. This lets me efile.

    On a final note… professional tax preparers hold business liability insurance to help correct and help make you whole if fraud does occur under their watch.

  16. The IRS Themselves stole my tax return from me last year and I’m still trying to get it and they refuse to give it up.And who am I to fight against the federal government.

    • Like I said below I believe they are add ing lies to the truth , so they don’t have to pay us our money….well some of us

  17. endents,witch were my sister and nephew. My sister and nephew have lived with me almost 3 years and I have fully supported them. Last year her husband witch they haven’t been together in almost 2 years filed them on his 2016 tax return and we both got audited, I sent in all required forms and was awarded my full refund. Am I gonna have to go through this again,its not fair she got a refund today and mine isn’t showing accepted. I don’t understand

  18. Brian, what’s up with all the weird stilted comments?

  19. Thats why I do paper return no efile

  20. I also see the transaction error collection latter, When I applied IRS company.

  21. The “IRS Letter” looks pretty good, except for “WHAT THE TIME LIMITS?”

  22. Some of this is certainly true….but now days u can’t even believe the government, they keep shutting it down. All these money problem, now I feel like they are adding to the truth ( lies) just not to pay us our tax retutn , and say it was stolen… Now if they still issue a check after stolen then I will believe them…

  23. Zoomin' Larry Dodger

    wife was auditded with tax forms and returned full refund request before, was not a good one! please help brian as we are not able to identify the identity of the of the caller of the repo servidce. my truckwas reposeses last week and i couldnt get to work at the box factory. they dont pay me well at the factory but i still need my irs audit to refund and become into my bank. thanks brian!

  24. I have been notified with papers from Gov program a few years back. Being on SSI and such I could have lost all. I did everything I was told to do in FL. Now it’s tax time, I can find no way to speak to an IRS Agent and if the IRS wants to catch these scum scammer’s time is of the essence. I’ve even hired Lexington Credit Repair which I cannot afford but they really can’t do much but it.

  25. Brian, seems a lot of spam posts here that arent relevant to the topic. Guess, you will have to hire somebody to clean this up or design a bot

  26. I did some TinEye reverse searches on the pictures used on the JCDebt,dot,com website. The customer testimonial picture of Edna Ware, is listed as a ShutterStock and ColourBox image, as are the bearded guy at the top of the homepage and “best advisors” Selma Palmer, James Morin, and Jennifer Glasgow. You can see where someone edited the original images to remove or crop others out of the pictures to boil it down to appear like a portrait.

  27. Even debt collectors don’t have grammar that bad. “What the time limits” indeed.

  28. Brian, your comments section is beginning to look like a Daily Caller discussion forum. You might want to consider requiaing some form of verification before posting.

  29. Lovely write up. Alright guys Just thought i should share this. Everyone should benefit from it. This is absolutely true, but you know what’s cooler? Contacting Webzeus the Professional Hacking God. The best and realest in the game! They can hack into the system and add your names amongst people benefitting the tax return. I just filed for mine and got paid some couple thousands within 48hours. This is real and no one should sleep on it.So if you are yet to get paid, here’s a chance to get much more bigger pay. Hurry up and Go contact webzeus1800@gmail, .com or text +1 470 231 5053 and worry no more

    • wow this is accurate. very good recommendation. A friend referred me to Webzeus two weeks ago. And i got paid for last year own which i missed. Also for this year. All thanks to web guy..although they charge a little for the service but trust me it’s worth the stress. I got paid for reals guys. Right now am totally debt-free

  30. The IRS can claim all they want that it was the tax preparers that were hacked. But if that were so, how is this such a nationwide scan, how were the returns filed prior to the efforts open date, and how we’re refunds issued in a couple of days instead of weeks????