April 15 marks the deadline for tax season, but consumers and businesses should file their taxes as early as possible and pay more attention to their online tax accounts, as fraudsters are increasingly focused on tax identity theft, anti-fraud firm ThreatMetrix warned on March 10.
As criminals gain more information on potential victims, filing for a tax refund in the name of another person has become easier. At least 10 percent of account access attempts, including account creation and logins, were fraudulent in the last month, according to ThreatMetrix, which seeks to detect fraudulent access to important online services, such as bank accounts and tax filings.
"We've seen a large increase in attempts at identity theft, including tax fraud and account takeover," Mustafa Rassiwala, senior director of product management of ThreatMetrix, told eWEEK. "We see it typically with banks, and now with tax filings as well."
The company's data, which includes data on fraudulent access attempts for one of the largest tax software makers, shows a growing problem, which matches data from the U.S. Treasury Department. In 2013, identify fraud affected 1.6 million taxpayers, up from 1.2 million in 2012, according to the Treasury Inspector General for Tax Administration.
While the Internal Revenue Service (IRS) is getting better at preventing damages—losing about $4 billion in fraud in 2011, compared with $5.6 billion in 2010—the agency still has a long way to go. The Inspector General's investigation in a sampling of 100 identity theft cases found that, while the correct taxpayer identity was eventually found in all cases, there was an average of 277 days of inactivity per case.
The most common cases of tax identity fraud are when scammers file a return for a child or an adult who does not merit a return. In other cases, online thieves use known credentials for a victim—perhaps gleaned from the compromise of an unrelated service—to access their online account with the IRS. The launch of the IRS mobile app could exacerbate the issues, ThreatMetrix warned.
In its own data, ThreatMetrix found that more than half of the reported fraud involves a criminal trying to illegally access an account, while roughly 20 percent of the fraud occurs at the time of payment.
The company urged government agencies and private industry to share anonymized data on attacks to better understand the threats. Consumers and businesses should treat their tax filings as valuable sources of information and take steps to protect them, said Rassiwala.
"They should have a very unique username and password that is going to be as secure as possible," he said. "Also, file as early as possible, and go back and keep checking to make sure that nothing in your account has been modified."