GO
Loading...

How to beat tax identity thieves at their own game

Jill Fromer | E+ | Getty Images

Electronic tax filing season is officially underway, and so is the annual race between taxpayers and identity thieves who want to claim refunds in their name.

"The low physical risk and high potential for financial gain has made stolen identity refund fraud a crime of choice for drug dealers and gangs," said Kathryn Keneally, assistant attorney general for the Justice Department's Tax Division, testifying to a Senate committee last year.

The IRS paid as much as $3.6 billion in fraudulent refunds to identity thieves in 2012, according to a November report by the Treasury Inspector General for Tax Administration. That is an improvement from $5 billion the year before, according to the report. An estimated 1.6 million taxpayers were victims of identity theft last year.

But as the government gets better at fighting this rampant crime, the crooks are getting more savvy.

(Read more: Thieves lining up)

Federal authorities in San Diego said they busted an international crime ring in September that stole more than 2,000 identities and used them to claim more than $20 million in bogus refunds. A federal grand jury indicted 55 people; 33 remain at large.

"I would say that this is one of the most sophisticated operations we've ever seen," IRS Special Agent in Charge Anthony Orlando told NBC station KNSD.

Many of the defendants are foreign nationals from former Soviet bloc countries, including Russia, Kazakhstan and Turkmenistan, in the U.S. on work or travel visas. They allegedly opened U.S. bank accounts and rented apartments and post office boxes in the San Diego area for the sole purpose of receiving the stolen refunds. And they are accused of trying to cover their tracks when filing electronic returns by disguising their Internet Protocol (IP) addresses.

Authorities are particularly troubled by criminals' increasing technological skill and ability to infiltrate tax firms, financial institutions and hospitals—all of them treasure troves of personal data.

In Alabama last year, authorities uncovered a scheme that coupled stolen identities and IP addresses.

Corey Thompson, 29, owned a Montgomery-based tax return business and worked as an installer for a local cable company. He admitted stealing information from his tax customers, then using their stolen IP addresses to make it look as if the customers had filed their returns.

Thompson, who pleaded guilty to three criminal counts last year and is serving a 30-month prison sentence, also admitted receiving taxpayer information stolen from a Norcross, Ga., debt collection firm.

An employee of the firm, 47-year-old Deatrice Williams, and her son-in-law, 30-year-old Quentin Collick, were convicted last year on conspiracy, wire fraud and aggravated identity theft charges.

(Read more: A sneaky path into Target customers' wallets)

Even at least one U.S. postal worker has been implicated in identity theft scams.

A federal jury in Alabama last year convicted former postal carrier Vernon Harrison, 51, for his role in a wide-ranging conspiracy. Thieves used stolen identities to file false returns, then had the refunds sent to prepaid debit cards mailed to addresses on his route. Harrison would steal the debit cards out of the mail and sell them for cash.

At a trial last year, prosecutors showed photos of cash and checks found in Harrison's vehicle. He is serving a 111-month prison term.

"We always encourage people to guard their personal information like they would any other valuable," said Eva Velasquez, CEO of the nonprofit Identity Theft Resource Center. But that becomes more difficult when people provide information to people and institutions they think they can trust.

"In cases where consumers have no control, where they've already given their information over to someone and expected that that organization or entity is going to be a good steward of that information—that is where consumers need to simply pay attention to their financial picture," Velasquez said.

That means monitoring their financial statements frequently for signs of unusual activity and obtaining a copy of their credit report, available once a year free of charge at Annual Credit Report.

"We know that early detection is one of the ways to stop the thieves from doing a lot of damage," Velasquez said.

For victims of tax refund identity theft, resolving the case and getting their rightful refund can be a nightmare.

The Treasury Inspector General reported in November that while customer service at the IRS has improved, it still takes an average 312 days to resolve a typical identity theft case.

To prevent the theft in the first place, the IRS has beefed up its procedures to weed out suspicious returns, screening them for large changes in income from prior years, or unusual address changes. The agency also has launched a pilot program in Florida, Georgia and the District of Columbia—where identity theft is most prevalent—that will let some taxpayers apply for an Identity Protection PIN after asking them questions to verify their identity. If successful, the program could be expanded next year.

The agency also said it has dedicated 3,000 employees to deal with identity theft cases, and it is working more closely with the Justice Department, which calls the issue "a national priority."

(Read more: Tax mistakes to avoid)

To defeat the criminals at their own game, experts urge taxpayers to file their returns as soon as possible.

"File first—beat the crooks," Velasquez said. But she knows that is easier said than done.

"We know that the thieves are listening to that as well, so of course they are lining up early and they are going to try and file first. too, and beat you to the punch."

—By CNBC's Scott Cohn. Follow him on Twitter @ScottCohnCNBC

  • Andrea Day

    Andrea Day covers Crime & Punishment for CNBC. She and her team have reported nearly $1 billion in fraud this year.

Inside the SEC

  • The Treasury estimates that $21 billion in potentially fraudulent refunds due to identity theft could be issued in the next five years.

  • CNBC's Gary Kaminsky takes a look at the massive amount of digital data that pours into the SEC's enforcement division, which is in charge of investigating violations of securities laws.

  • CNBC's Gary Kaminsky spent time with SEC's Bruce Karpati to learn more about his division, which investigates allegations of fraud committed by investment advisers. Kaminsky reports that if you're breaking the law, the agency will find you.

Madoff Trustee: Investigations Inc

Selling the American Dream

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.