Tax-refund fraud: filing someone else's return to rip them off

In the New York Times, Lizette Alvarez reports on a "tsumani of fraud" in the form of tax-refund identity theft. Using only a very little information, crooks file tax returns in their victims' names (the IRS helpfully corrects any mistakes they make in the particulars), then collect the victims' tax refunds:

The criminals, some of them former drug dealers, outwit the Internal Revenue Service by filing a return before the legitimate taxpayer files. Then the criminals receive the refund, sometimes by check but more often though a convenient but hard-to-trace prepaid debit card.

The government-approved cards, intended to help people who have no bank accounts, are widely available in many places, including tax preparation companies. Some of them are mailed, and the swindlers often provide addresses for vacant houses, even buying mailboxes for them, and then collect the refunds there.

...J. Russell George, the Treasury inspector general for tax administration, testified before Congress this month that the I.R.S. detected 940,000 fake returns for 2010 in which identity thieves would have received $6.5 billion in refunds. But Mr. George said the agency missed an additional 1.5 million returns with possibly fraudulent refunds worth more than $5.2 billion.

With Personal Data in Hand, Thieves File Early and Often (via Schneier)


  1. Or they just get jobs at the post office and steal the checks outright.  That happened to us once, friggin PISSED ME OFF….  about 30,000 checks were stolen from that one post office that year.

  2. Happened to some friends of ours a few years ago, in Canada.  They were getting ready to buy a house, and their realtor suddenly stopped answering calls – just vanished.  It turned out she also hadn’t brought all the financial documents they’d given her to be stored in the safe at the office like she was supposed to – so she had everything she needed to do a convincing return for them.

  3. Here’s what I don’t get about this type of fraud: cashing those IRS checks leads to a paper trail. Simply hold the casher of the check (whether its a bank, a check cashing agency, or who/whatever) responsible for the value of the check if they cash it without establishing identity, and you’d reduce the level of this kind of fraud very, very quickly.

    Yes, some criminals would go the fake ID route and walk into a check cashing agency with it to cash a sizeable refund check. But you’d have at least put one barrier to entry in the way. 

    1. Simply hold the casher of the check responsible for the value of the check if they cash it without establishing identity, and you’d reduce the level of this kind of fraud
      very, very quickly.

      So, you punish someone who’s tries to establish identity, but who gets fooled by a convincing scam? And then the process grinds to a halt as every casher refuses to cash the cheques unless the holder has iD up the wazoo, and then some, and then some more, or just thinks “well, even if I’m convinced, I might be fooled, so fuck it, it’s not worth it”.

      Not a good plan.

      You’d be nearer the mark if you made the issuer of the cheque responsible if they issue it to the wrong person. OR better yet, forget about punishing someone (other than the fraudster) and just design a decent system with proper checks and balances.

      1. You make a fair point. Ultimately it should be the IRS as the issuer who is held accountable. Ultimately, the whole thing seems to rest on this wierd premise in the US banking system, in which I can write you a check, and simply by virtue of some scribbled ink on the back of it, someone else can you give you money and attempt to pay the check into their own account. This doesn’t seem like much of foundation for a check clearing system at all.

    2. Simply hold the casher of the check (whether its a bank, a check cashing agency, or who/whatever) responsible for the value of the check if they cash it without establishing identity, and you’d reduce the level of this kind of fraud very, very quickly.

      You think that the government is going to favor a live person over a corpersonoration?  A bank, no less?

  4. Even more baffling to me is how a prepaid debit card is “hard to trace”.  It’s a debit card!  On the grid!  With a unique number!  Just remember WHO it was supposed to be for, and if it’s fraudulent you have at least a trail to start following (you’ll know where/when it’s been used).

    1. The crook is going to spend the money as soon as it shows up. By the time you get around to filing, the only information left is “somebody turned your refund into cash at an ATM in Los Angeles.” You’re never going to get from “somebody in LA” to that specific crook…

  5. “cashing those IRS checks leads to a paper trail.”
    Direct-deposit to a temporary account. Immediately transfer the money offshore. Something like that.

    I know a guy to whom this has happened for the last two years.

    1. offshore transfers, especially of very large amounts, are just as traceable. you don’t move money from A to B without a SWIFT code unless you own the bank. 

  6. This happened to me in April- TurboTax displayed an error when I submitted my return and I had to call the IRS directly. Amazingly I was only on hold for 40 minutes (Note: It was the day before Tax Day, I consider that a win!) and I had the most helpful, cheery, friendly CSR I’ve ever experienced. I was flabbergasted by the level of customer service I received.  Filled out and mailed out a form and a paper return, notified my credit agencies, filed a police report, and I now have 6 years of credit monitoring gratis. 
    Pain in the ass? Yes. 
    Terrible? Not nearly as much as I thought it would be. 

    1. I’ve called the IRS ~10 times. I’ve only gotten one bad agent. Most of them have been very helpful.

    2.  You and I were having the same experience at the same time.   I agree – the people who work in the identity fraud section  of the the IRS are very professional and kind.

      I don’t think I have 6 years of gratis credit monitoring… how did you get that?

  7. And this is why you should tweak your withholdings so you just owe a little at the end of the year. You get to keep more of your money, and no one can intercept your refund. Keeping that balance from year to year takes some work, but it is obviously worth it in the end.

    1. THIS.

      Any accountant will tell you (I’m the child of *two*), anyone who treats the income tax system like a yearly lottery is just an undisciplined sucker who is only shorting themselves on their interest returns throughout the year.

      1. Hmmm. Then I wonder how filing as early as possible would have affected the scam… Or if you had been making quarterly estimated tax payments.

        If none of these things matter then it would seem to be similar to other types of identity theft/fraud where there are few variables controlled by the victim and little to be done to prevent it. Similar to having your CC info stolen from a database even though you keep the card safely in your wallet and use it properly/judiciously. 

        Sorry to hear that. :/

    2. I don’t think that would work:  I don’t know about the US, but in Canada, they could add all kinds of bogus deductions.  Off the top of my head:

      – a private business operating at a loss
      – large medical expenses
      – home renovation expenses for the purpose of renting out a suite
      – charitable donations

      They’d need to fake up receipts for the charitable donations (I don’t imagine they’d be that hard), but for all the rest you’re supposed to hang onto the receipts and submit them only in case you get audited.

  8. Happened to me this year – I e-filed on January 25th and whoever fraudfiled had already used my ID.   The IRS was little help, the lady I spoke with didn’t even mention the form for possible ID theft that I had to file until I repeatedly asked if there were anything I needed to do besides file by mail.

    Haven’t heard back from them yet either.

    1. That’s why all accountants I know recommend calling the IRS thrice, and going off of the response given 2/3 of the time. Even then, you’re still responsible for following the proper procedures, regardless of what was said.

  9. What I don’t get is why the IRS doesn’t do a bit of checking. They have last year’s return on file. If the refund’s being mailed, compare the mailing address to last year’s. If it doesn’t match and there wasn’t a change-of-address filed at the Post Office before the end of the year, attempt to contact the taxpayer using their older contact information (don’t trust what’s on the return). Most people don’t move every year so the old address may well still be current, and a lot of people who move keep their old phone number so it may still be current too. DMV has a fairly current address if they have a driver’s license. Credit reports have a wealth of information. If the refund’s being direct-deposited, confirm that the bank account’s in the name of the person filing the return. If it isn’t, try to contact the taxpayer as above. And add the bank used on last year’s return if that refund was direct-deposited too, a lot of people don’t change banks unless they move out of town (and sometimes not even then in this age of interstate banks). It may require changing the laws a bit to allow the IRS to request and get this information, but the Feds seem to share this stuff all the time anyway so at least in one case they might as well let the sharing benefit the taxpayers.

    This won’t catch all fraud, no. But even if it only catches half, that still leaves the scam artists facing a 50/50 chance on every return that this one’ll see the Feds showing up at their mailbox or bank asking questions.

  10. Now if Federal law would only allow the legal holder of an SSN to know when and how the legal holder’s SSN is being used illegally things would be much easier.

  11.  This is a little sideways to the topic, but we just received a Chase managed debit card refund two days ago from the IRS.  We didn’t request such a card, had no idea it was coming.  The paperwork accompanying the card told us all the things we could do with it:  use it an ATM, for purchases, buy stuff online, take it to a teller, but they didn’t tell us how to transfer the actual money off the card and into another account.  A call to a Chase representative told us it was impossible and confirmed that an account had been made in our name at a bank which Chase managed but couldn’t actually do anything with. 

    After making a login and doing a lot of nonsense I found a link on the online account management tool which let us do a bank transfer – an option which was specifically NOT mentioned in the paperwork. 

    The whole time we were going through this, we were marveling at how easy it would be to identity theft away the card and info.  The automated proof-of-ID process only asked two questions which would be accessible to anyone who actually saw the tax form.  We kept assuring ourselves that the infinite wisdom of the govt meant there was some sneaky process in place to prevent rip-offs, but I guess not.

  12. I got hit with this in 2010 also and it finally didn’t resolve until a couple months ago. I was worried that this would happen again this year, but I filed in the second week of January and managed to cut off any other fraudsters. Every IRS representative I spoke with was helpful, though completely overwhelmed by the sheer volume of the crime – the last agent said to file as early as possible and that was the takeaway.

    Getting rid of refund-by-debit-card would be an easy way to make the scam at least difficult in the volume that it’s happening, but I suspect that the bank industry who profits off of this isn’t interested. (I used to work for a POS/CC processor and the entire debit card system seems riddled with holes)

Comments are closed.