More TurboTax woes - Minnesota stops accepting returns (edit - now all state filings)

[M Paquette]

Sounds like someone has brought the wonders of automation to filing fraudulent tax returns, and Intuit has done their usual job in handling security and fraud prevention.

 

[audreyh1]

Simply snail mailing the refund check to the taxpayer's address of record would also largely resolve this problem.

Except that you are allowed to change your address. There is no special procedure for it, other than putting your new address on your filed return.

 

[BellBarbara]

I was watching one of those prison shows and when they tossed a guys cell they found these legal pads with names, addresses, SS, and information to be entered on tax returns. I think a lot of this would go away if there was no instant refund, or advance refund like some of the tax preparation companies do.

Huge mistake and allows instant theft. Mail a check and it's much less likely to happen.

 

[walkinwood]

Here's Intuit's message on this
Intuit Working With State Governments to Solve Emerging Tax Fraud Problem | The TurboTax Blog

 

[Walt34]

I noticed that this has not affected HRB and TaxAct. Or could that be just because TT has a larger share of the market and would notice sooner?

 

[Mulligan]

I noticed that this has not affected HRB and TaxAct. Or could that be just because TT has a larger share of the market and would notice sooner?

Being a Turbo guy and stuck in a holding pattern until I get all my forms, I checked in today to just make sure they didn't say "your return has been processed and refund already received"


Sent from my iPad using Tapatalk

 

[audreyh1]

Being a Turbo guy and stuck in a holding pattern until I get all my forms, I checked in today to just make sure they didn't say "your return has been processed and refund already received"


Sent from my iPad using Tapatalk

How do you do this?

 

[Mulligan]

How do you do this?

I just signed into my account. It welcomed me back and wanted me to update any items from 2013 tax year such as address before starting in this year's taxes... I did that part and stopped.


Sent from my iPad using Tapatalk

 

[audreyh1]

I just signed into my account. It welcomed me back and wanted me to update any items from 2013 tax year such as address before starting in this year's taxes... I did that part and stopped.


Sent from my iPad using Tapatalk

The frauds don't go through your Turbotax account. They would have a separate Turbotax account but use your SS#.

It's only the IRS that knows whether a return has already been filed for your SS#.

 

[Mulligan]

The frauds don't go through your Turbotax account. They would have a separate Turbotax account but use your SS#.

Well I wish you hadn't told me that, as in this case "ignorance is bliss" since I cannot file yet! [emoji31]


Sent from my iPad using Tapatalk

 

[audreyh1]

Well I wish you hadn't told me that, as in this case "ignorance is bliss" since I cannot file yet! [emoji31]


Sent from my iPad using Tapatalk

Sorry! I was hoping you had an in on the IRS.

 

[Mulligan]

Sorry! I was hoping you had an in on the IRS.

If I would ever get to know anyone of them it probably wouldn't be a good thing for me, Audrey! I definitely will file the minute my brokerage info comes now, though.


Sent from my iPad using Tapatalk

 

[Chuckanut]

More TurboTax woes - Minnesota stops accepting returns (edit - now all state ...

Kerns has a good discussion of the current problem. See the Feb 6 blog entry.

http://krebsonsecurity.com

Also note the picture of the website selling stollen tax Id information. 4 cents a name. Not so good.

"Stolen TurboTax or H&R Block credentials are cheaper and more plentiful that most people probably would imagine. According to the below-pictured well-known seller on the Dark Web forum Evolution Market, hacked accounts currently can be had for .0002 bitcoins, which works out to about 4 cents apiece."

 

[easysurfer]

Watched the evening news with Brian Williams (at least for now, he's still the anchorman, but that's a different story ), and according to that the fraudsters from from identity theft and not with intuit itself.

Also, looks like state e- filing is back.

E-filing resumed at 6 p.m. Eastern time, TurboTax parent company Intuit Inc. announced in a news release. The company has continued to work with states where suspicious filings have been reported.
State agencies had reported a rise in filings with stolen personal information, Intuit said.

TurboTax Resumes E-Filings FOr State Returns After To Fraud Risk « CBS New York

 

[audreyh1]

Kerns has a good discussion of the current problem. See the Feb 6 blog entry.

Krebs on Security

Also note the picture of the website selling stollen tax Id information. 4 cents a name. Not so good.

"Stolen TurboTax or H&R Block credentials are cheaper and more plentiful that most people probably would imagine. According to the below-pictured well-known seller on the Dark Web forum Evolution Market, hacked accounts currently can be had for .0002 bitcoins, which works out to about 4 cents apiece."

Thanks - yes, when I try to understand a security breach issue, I usually end up going to his site. And I even mentioned his name today but hadn't quite gotten to his site. Looks like these credentials are stolen through the usual mechanisms - PC malware and phishing.

 

[MichaelB]

Here's something new, that should interest folks here.

The Internal Revenue Service is again offering the Identity Protection PIN to all taxpayers who filed their federal tax returns last year from Florida, Georgia and the District of Columbia as part of a pilot program to help determine taxpayer demand for the IP PIN and the Service's ability to issue the PIN to a larger number of taxpayers. These locations have the highest per-capita percentage of tax-related identity theft.

IP PIN pilot continues in Georgia, Florida and the District of Columbia
http://www.irs.gov/Individuals/Freq...ection-Personal-Identification-Number-(IP-PIN)

 

[audreyh1]

Here's something new, that should interest folks here.
IP PIN pilot continues in Georgia, Florida and the District of Columbia
http://www.irs.gov/Individuals/Freq...ection-Personal-Identification-Number-(IP-PIN)

I didn't know how new this was. I saw they were only offering it for states with high return fraud, otherwise you have to have been a victim of ID theft to get one.

The thing that bugs me is that they mail you a new PIN each December? Well, I guess if there are no other credentials along with it that is innocuous enough, but I hate getting sensitive information by mail.

 

[GTFan]

Here's something new, that should interest folks here.
IP PIN pilot continues in Georgia, Florida and the District of Columbia
http://www.irs.gov/Individuals/Freq...ection-Personal-Identification-Number-(IP-PIN)

Thanks, I'm in GA and just signed up for a PIN. Doesn't look like it will help for state filing fraud though, and I don't see a way to similarly protect our GA return because GA is still stuck in the early days of websites.

 

[samclem]

A hint about why TurboTax state returns might be affected at a higher rate than those prepared with other programs--maybe it's the procedure each software uses: (from the WSJ, may require subscription, bold added)

H&R Block has no indication of similar problems with its state tax filings, company spokesman Gene King said Friday. “H&R Block continues to file state and federal returns as usual,” he said.


The Block spokesman also said his company’s anti-fraud controls include requiring an e-filed federal return to have been accepted by the U.S. prior to transmitting a state e-filed return. With TurboTax, by contrast, it is possible to e-file a state return without e-filing a federal return, Intuit confirms.
A TaxAct spokeswoman said that company is not seeing similar fraud issues and that customers can file state and federal returns as usual.

The successful filing/acceptance of a federal return might serve as an effective "screen" to some fraudulent/duplicate returns, especially if a state's fraud prevention mechanisms are weak. Series, rather than parallel, submission of the federal/state returns is a bit more cumbersome, but serves as additional protective measure.

 

[MichaelB]

A hint about why TurboTax state returns might be affected at a higher rate than those prepared with other programs--maybe it's the procedure each software uses: (from the WSJ, may require subscription, bold added)


The successful filing/acceptance of a federal return might serve as an effective "screen" to some fraudulent/duplicate returns, especially if the state's fraud prevention mechanisms are weak.

Makes sense. Thanks for the snippet and link.

 

[MooreBonds]

This scam that involves 'filing for your refund before you can' has been going on for several years now. All the criminal needs is your social security number and other PII. similar to what was just stolen in the Anthem hack.

IIRC, It hasn't been specifically a turbotax thing, just any sort of electronic filing. before that, they would just snail mail in the documents before you, IIRC

Crap! Being one of those 80 million in the Anthem attack, I'm starting to see the danger. I ALWAYS delay filing until the very end (April 15), because I always have at least 1 revision to my 1099s from my brokerages-usually 2 or 3 revisions. One year, the 1099 was revised on April 5, and I didn't receive it until April 10!

Because I file an army of forms (MLP holdings, HSA deduction, self-employment side gig, Stock transactions), I don't want to have to refile all of those forms because $25 in dividends was re-declared by a REIT or CEF from "qualified dividend" to "return of capital". So, I wait until the very end with the information pre-filled out in spreadsheets, ready to put into the final forms.

I've heard about people committing fraud with federal returns by filing for bogus refunds, but if an organized crime syndicate has a large number of SSNs, it would make it much easier to do this. And since many Americans wait until April 15 to post mark, it would be pretty easy to file many returns early in Jan/Feb for fraudulent refunds.

 

[Walt34]

I didn't know how new this was. I saw they were only offering it for states with high return fraud, otherwise you have to have been a victim of ID theft to get one.

Admittedly it is confusing but that does not appear to be the case if I understand this correctly from the second link MichaelB posted. The quoted text is at the bottom of the page:

If I choose to get an IP PIN, does this mean I am an identity theft victim?
No, the program is not limited to just identity theft victims. The main purpose of the program is to add an additional layer of protection to taxpayers who live in areas where tax-related identity theft is more prevalent.

 

[audreyh1]

Admittedly it is confusing but that does not appear to be the case if I understand this correctly from the second link MichaelB posted. The quoted text is at the bottom of the page:

Thanks!

 

[audreyh1]

Someone I know got a phishing email today from the "IRS" announcing that they had a new IP PIN to use for e-Filing their 2014 return.

Subject: Your 2014 electronic IP PIN!

Dear member

This is to inform you that our system has generated your new secure electronic PIN to e-File your 2014 tax return.

Please kindly download the Microsoft file to securely review it.

Thanks

Internal Revenue Service
<address given>

attachment named Tax(IP.PIN).doc

 

[samclem]

Someone I know got a phishing email today from the "IRS" announcing that they had a new IP PIN to use for e-Filing their 2014 return

Wow--both Microsoft and the IRS in the same solicitation. If it had Comcast it would be some sort of evil trifecta.