The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return. The question is, will those non-filers have a chance to claim their payments before fraudsters do?
The IRS says the Economic Impact Payment will be $1,200 for individual or head of household filers, and $2,400 for married filing jointly if they are not a dependent of another taxpayer and have a work eligible Social Security number with adjusted gross income up to:
- $75,000 for individuals
- $112,500 for head of household filers and
- $150,000 for married couples filing joint returns
Taxpayers with higher incomes will receive more modest payments (reduced by $5 for each $100 above the $75,000/$112,500/$150,000 thresholds). Most people who who filed a tax return in 2018 and/or 2019 and provided their bank account information for a debit or credit should soon see an Economic Impact Payment direct-deposited into their bank accounts. Likewise, people drawing Social Security payments from the government will receive stimulus payments the same way.
But there are millions of U.S. residents — including low-income workers and certain veterans and individuals with disabilities — who aren’t required to file a tax return but who are still eligible to receive at least a $1,200 stimulus payment. And earlier today, the IRS unveiled a Web site where it is asking those non-filers to provide their bank account information for direct deposits.
However, the possibility that fraudsters may intercept payments to these individuals seems very real, given the relatively lax identification requirements of this non-filer portal and the high incidence of tax refund fraud in years past. Each year, scam artists file phony tax refund requests on millions of Americans, regardless of whether or not the impersonated taxpayer is actually due a refund. In most cases, the victim only finds out when he or she goes to file their taxes and has the return rejected because it has already been filed by scammers.
In this case, fraudsters would simply need to identify the personal information for a pool of Americans who don’t normally file tax returns, which may well include a large number of people who are disabled, poor or simply do not have easy access to a computer or the Internet. Armed with this information, the scammers need only provide the target’s name, address, date of birth and Social Security number, and then supply their own bank account information to claim at least $1,200 in electronic payments.
Page 1 of 2 in the IRS stimulus payment application page for non-filers.
Unfortunately, SSN and DOB data is not secret, nor is it hard to come by. As noted in countless stories here, there are multiple shops in the cybercrime underground that sell SSN and DOB data on tens of millions of Americans for a few dollars per record.
A review of the Web site set up to accept bank account information for the stimulus payments reveals few other mandatory identity checks to complete the filing process. It appears that all applicants need to provide a mobile phone number and verify they can receive text messages at that number, but beyond that the rest of the identity checks seem to be optional.
For example, Step 2 in the application process requests a number of data points under the “personal verification” heading,” and for verification purposes demands either the amount of the applicant’s Adjusted Gross Income (AGI) or last year’s “self-selected signature PIN.” The instructions say if you do not have or do not remember your PIN, skip this step and follow the instructions in step A above.
More importantly, it appears one doesn’t really need to supply one’s AGI in 2018. “If you didn’t file a return last year, enter 0,” the site explains.
Step 2 in the application for non-filers.
In the “electronic signature,” section at the end of the filing, applicants are asked to provide a cell phone number, to choose a PIN, and provide their date of birth. To check the filer’s identity, the site asks for a state-issued driver’s license ID number, and the ID’s issuance and expiration dates. However, the instructions say “if you don’t have a driver’s license or state issued ID, you can leave the following fields blank.”
Alas, much may depend on how good the IRS is at spotting phony applications, and whether the IRS has access to and bothers to check state driver’s license records. But given the enormous pressure the agency is under to disburse these payments as rapidly as possible, it seems likely that at least some Americans will get scammed out of their stimulus payments.
The site built to collect payment data from non-filers is a slight variation on the “Free File Fillable Forms” product, which is a free tax filing service maintained by Intuit — a private company that also processes a huge percentage of tax returns each year through its paid TurboTax platform. According to a recent report from the Treasury Inspector General for Tax Administration, more than 14 million Americans paid for tax preparation services in 2019 when they could have filed them for free using the free-file site.
In any case, perhaps Intuit can help the IRS identify fraudulent applications sent through the non-filers site (such as by flagging users who attempt to file multiple applications from the same Internet address, browser or computer).
There is another potential fraud storm brewing with these stimulus payments. An app is set to be released sometime next week called “Get My Payment,” which is designed to be a tool for people who filed tax returns in 2018 and 2019 but who need to update their bank account information, or for those who did not provide direct deposit information in previous years’ returns.
It’s yet not clear how that app will handle verifying the identity of applicants, but KrebsOnSecurity will be taking a look at the Get My Payment app when it launches later this month (the IRS says it should be available in “mid-April”).
Could the US government pleases terminate the contract with whomever designed freefilefillableforms.com? Not only is it poorly designed. It never sends the email confirmation so you are unable to file using the form. Kinda defeats the entire purpose of the website. Maybe some testing was in order? Maybe someone monitoring the functionality of the site? Maybe a Contact Us feedback form? I mean it is intended to help millions of people right? Like Google, Apple and Microsoft services, there is often no method of reporting to developers how poorly they have created forms/services.
I’M.a US MILITARY VETERAN, TRIED..had so much TROUBLE..same issue, filled put form, unable to submit
Me too, Don. I’ve just been informed that someone fraudulently claimed me, I have lost my job, being evicted. I have no way to resolve it, because IRS has no live people.
I’m in the same boat.. What do i do? I did not give anyone permission to claim me
To whomever developed freefilefillableforms.com: Have you heard of using an SMTP Server that doesn’t relegate your email to Junk Mail? In this instance, completely blocked email based on the grading of the email by various spam filters. Changing the email address from one commonly used mail provider to another commonly used mail provider fixed the issue. There are obviously SMTP service providers that avoid this issue entirely.
Hmm. They’re using Amazon Simple Email Service [1].
On the bright side, they appear to have properly configured SPF [2]/DKIM [3]/DMARC [4] (and because Amazon is sending the email, they’re also using TLS).
All things considered, I think that makes them one of the better email senders I’ve dealt with of late. (I have very low standards.)
They do lose points for not having a text/plain encoding.
[1] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/regions.html
[2] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html
[3] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dkim-easy.html
[4] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dmarc.html
That site is horrible! I don’t know about asking for IP PIN because I can’t get that far. On my device (tablet) it’s impossible to see “submit” button on electric signature page. My laptop isn’t working and we’re quarantined. Does anyone have a suggestion?
Did you try going in the Brower settings and click the option for desktop site? If your using chrome it will be 3 dots in a vertical line on top side of screen all the way to the right
I tapped the 3 vertical dots in the upper right hand corner, scrolled down to desktop and the entire page was visible.
you can only finish completing this form by using a computer.
tablets and phones wont let you submit it.
I had the exact same problem , I even tried downloading the IRS mobile act , no luck. I called my sister, who lives out if state an walked her through it an she she completed mine on her desktop. Of course I trust her with my life , so ….I suggest you do that if you have some one.
Tap the 3 dots and hit desk top.
Then you will be able to see what you need in full context.
There are many tax-paying Americans who have direct deposit set up in 2017 or prior, but they may not have gotten a refund in 2018 or chose to have it applied to 2019. It’s annoying that NOT ONE authority can address this simply question: HOW FAR BACK IS THE IRS GOING TO LOOK TO SEE IF THE TAX PAYER HAS DIRECT DEPOSIT INFORMATION????
They keep telling us that you will get your direct deposit if IRS has your bank information “on file”. Can someone please elaborate on that? What does “on file” mean?
Quote: “They keep telling us that you will get your direct deposit if IRS has your bank information “on file”. Can someone please elaborate on that? What does “on file” mean?”
C’mon. The answer to that is too obvious. Clearly, IRS will have the bank account info, account number, routing number, and kind of account (checking, savings, etc) that tax return filers include in their federal tax returns for purposes of paying amounts due or receiving refunds.
Have you never filed a federal tax return and provided that information to them? Why not?
they have said they are only going back to 2018,2019 that’s it . this is why they have decided to do this app… you can fill out all the info and it does state if you don’t have your AGI put zero and if you dont remember your 5 digit pin number make new 5 numbers.hope this helps plus you can only submit the completed forms with a computer. phones and tablets only let you go so far. but to submit you need a computer
Brian: is there an easy way to request $0?
I suspect if I’m not careful, I’ll be one of these victims.
I haven’t checked if this stimulus package is supposed to apply to Americans overseas (there was one over a decade ago which did).
I certainly don’t need the money right now (I think my local country will probably send me something, although I suspect I won’t enjoy the paperwork).
If you mean you are a US citizen currently resident in another country, yes you are included — if you filed for 2018 or 2019, have an SSN, can’t be claimed as a dependent by someone else, and your AGI is under the limit; note AGI is computed _after_ the Foreign Earned Income Exclusion on 2555. There is an exclusion for non-resident _alien_ — someone who is _neither_ a citizen _nor_ (either green-card holder or physically present 183 days of the year) (nor electing to file jointly with a resident spouse). The law doesn’t provide for you to elect out of what is technically an estimated advance refund, and given overwhelming public demand (GIVE US CASH NOW) I see no likelihood IRS will add such an option.
Brian: I think you left out the best part!
> User ID
> To keep your account extra safe, do not reuse an ID from other sites or include any personal info
The password should be unique and not re-used across web sites. The password is considered secret whereas the username is not considered secret and is trivial if used for multiple sites.
Yesterday I filed E1040 to give bank info just hours before the new portal for non filers was completed and found an errors on my 1040. I tried to amend my 1040 ut was missing my first name. I should have waited because it said I would have to send the amendmended return in. I contacted them and they stopped the amendment. I thought this stopped my original tax return. Long story short I filed in the new Stimulus payment only fillinform. I was rejected 3 times. It said someone else had already filed. It was me they had accepted my original 1040. So, I deleted the Stimulus Payment for non- filers. I don’t know to correct what I’ve done. Even my last email wasn’t accepted. They did say I couldn’t file using my SSN. I only get SSI and just wanted to give my bank information. Any suggestions. I guess now they think someone is trying to commit fraud.
I kept getting my application rejected for the Pin, finally figured out I needed to add both a pin for myself and my spouse which solved the problem.
How did you get the Pin?
On the positive side of things, getting the money into the hands of criminals will help boost the economy too. Isn’t that the intention of the program? And, when millions of people start screaming that they haven’t gotten their money, what will they do to fix it? Let people get duplicate payments? Probably. What a CF by our trusted, elected officials. They would have been better off sending checks by mail to every address in the USA.
I have tried several times to enter info for my friend who has never filed a return before. It keeps asking for an IP PIN which he for sure does not have. He has never been the victim of identity theft so one would not have been issued to him. On the IRS website you can only retrieve PIN if you filed a return in the last 7 years. Furthermore you can only self request one in certain states and our state is not one of them. It says if you can not retrieve the PIN to call the IRS to have them resend in that mail. But if course they are not accepting phone calls. I don’t know what to do from here. I worry that they will not find him otherwise.
I have the same exact problem Jennifer IDK who to do. I cant even request an I.P Pin online and if I send in the paper return they are not even processing paper returns. They should just forget about the I.P Pin for this if I turn out not to be me they can come arrest me later. I mean jesus they make you put in your Drivers license numbers what more do they need to know its me. Had the same licenses number for 16 years.
I think this site is a scam Brian. I see nothing on IRS.gov that even mentions it. The doman name is registerred to Domains By Proxy, LLC.
the site won’t be available for use until April 17th
Sorry. I take it back, Brian, the IRS link to the link is at
https://www.irs.gov/coronavirus/non-filers-enter-payment-info-here
I think this is very unprofessional of the IRS to solicit confidential taxpayer info via a non-IRS domain name. Maybe the IRS website has been hacked.
After I submitted my non- filers application, I received a confirmation approval, but what do I need to do next will I still be able to receive my check?
you been approved so you are all good for your check
The I’m not a robot pop up is only showing THE LAST 2 LETTERS OR NUMBERS. this pop up is UNABLE to be MINIMIZED or squished from top to bottom to view the ENTIRE CODE!!!!! I SCREENSHOTTED THE PROBLEM , but CANT post an image here. So afteryouve done every thing, a not a robot box showed up, with ZERO abili t to view the whole code to type in. Audio also was not recognized . it said 141238
I go to put that in the box and it said invalid.
Brian, thanks for your article on this. Please update folks on any solutions to IP PIN rejection issues at the new stimulus payment portal for direct deposit info. The site is **supposed** to make it easier for very low income people who may have not filed taxes in several years to update their direct deposit info and get their stimulus. However, many are getting **the exact same rejection for lack of IP PIN** that was supposed to be resolved by the new portal. Appreciate keeping us informed about fixes. Folks please share any solutions achieved. Best to all and keep the faith!
Lots of embedded scripting to allow temporarily in order to just get the site and forms to work properly, with the combination of text-message and e-mail verification even more problematic if you have NoScript and other extensions set up in your browser. Once you’ve got the scripting enabled (temporarily, at least) and the verifications taken care of, the final version of the form can be submitted.
Have you seen what it’s like out there, Murray? Do you ever actually leave the studio? Everybody just yells and screams at each other. Nobody’s civil anymore. Nobody thinks what it’s like to be the other guy. You think men like Thomas Wayne ever think what it’s like to be someone like me? To be somebody but themselves? They don’t. They think that we’ll just sit there and take it, like good little boys! That we won’t werewolf and go wild!
She wwas irritating and finally got the judge execute what wwas
right. This is really a letter right from somneone that you have dealt with or beneath.
The actual to say, what you expected to happen, happened. https://www.minerva.gallery/index.php?action=profile;u=31035
Hello, has anyone found a solution for the IP Pin issue? Only receive SSI and do not file taxes.
You shouldn’t have to do anything, is your SSI direct deposited on a card or in a bank account? You are good if that’s the case . My Boyfriend is on SSI and uses that prepaid card , his will automatically come on that.
But what if someone, some scammer, fills out a form but puts the money in my bank account? How does one prove I didn’t scam the IRS?
Because you would be honest and give it back ? I don’t think a thief would .
I tryed to get back in to my file but it keeps telling me my user number or password is wrong . It’s not I tryed quite a few times and now it tells me I’m locked out don’t know what to do
So retarded.
The very least they should have done is to have this whole thing setup at the IRS website. Say irs.gov/form
Just have one trusted place.
So many people will probably fall for scams that say, go to https://www.EconomicImpactPaymentForm.com , for example. Or https://www.freefilefillableforms2020.com/
Isn’t incompetence illegal? Probably should.
I filled out this form by accident. Someone sent me the link and idid not read everything before i started. I did not file my taxes yet this year. I did file 2018 and my income is over 1200. I mistakenly filled out this form and was approved. What happens now for me?
I have tried to call irs but they are closed. So no one not able to help me
I tried to file. I hit submit and it says a return has already been submitted.
I check status and it says no return has been submitted from the account I’m using with my SSN. Please check from the account I transmitted from if I used another.
I didn’t use another.
I guess my ID is compromised? Can’t call the IRS of course, I don’t know what to do…panic is beginning to set in.
Me too!!! Same exact thing here!!
Omfg this is the only other instance in which I’ve found somebody with my same issue like what the fuck it’s so confusing. Have you been able to resolve or at least get an explanation yet? If so I’d love to know it.
I was rejected because I dont have a pin number. Cant talk to IRS to get one. Does this mean I wont get stimulus check?
You can just use AGI instead of your pin. You can leave that blank
How do you do that? I don’t have my IP pin number
I tried to use tried to file on this site provided by the irs in the non-filers department because both myself & son receive ssi benefits but I got a rejection response saying that my son number was aleady used in a previously filed claim I haven’t worked since 2008 & I’ve been on disability since 2010 & my son since 2012 we’re both disabled & I haven’t filed taxes since 2013 so I’m not understanding what’s going on here & of course I can’t reach anyone @irs.gov right now this is very upsetting to me.
The IRS will process this information and determine your eligibility for the Economic Impact Payment
Says I should receive a email within 24-48 hours but I have yet to receive any emails in over that time period
This post sound really wonderful.
Having trouble I can’t retrieve my IP pin number because is asking for credit card# I already try to put it it said it was wrong.. and no one answers on the phone for help I need it in order to advance .. any help here??