In-brief: Experian Vice President of Data Breach Resolution tells The Security Ledger that tax ID fraud linked to stolen W-2 forms is up 25% this year, just the latest trend in a long running problem securing tax returns from scammers. But what’s the solution?
It’s tax season again in the U.S. And, in the weeks leading up to the April 15 deadline to file Federal Tax returns, hundreds of millions of Americans will be elbow deep in W-2, 1040 and 1099 forms – not to mention piles of receipts. But for millions of filers, an unpleasant surprise awaits them: the realization that someone has already filed for them, fraudulently. That’s because February and March are also a busy season for online fraud artists, who rush to file phony tax returns on behalf of Americans in the hope of collecting hefty tax refunds from Uncle Sam before either their victim or the government is the wiser.
How big is the tax ID fraud problem? According to data from the IRS, In 2015, the U.S.’s tax agency rejected or suspended the processing of 4.8 million suspicious returns. The IRS stopped an added 1.4 million confirmed identity theft returns, totaling $8.7 billion and stopped $3.1 billion worth of refunds in other types of fraud.
Those numbers are about double what the IRS reported in 2014 and they’re expected to get worse in 2016, despite efforts by the IRS to clamp down on fraud. In just one early sign of trouble, the firm Experian reports that it has already seen a 25 percent increase in the volume of tax fraud tied to stolen W-2 forms compared to last year.
To help understand the tax fraud problem, I recently got on the line with Michael Bruemmer, the Vice President of Experian’s Data Breach Resolution Division. I started by asking Michael about the company’s data on W-2 focused phishing scams, one of the most common ways that fraudsters get ahold of data needed to file fraudulent claims.
According to Bruemmer, incidents of data breach are up around 20 percent each year. Experian handled 4,000 such cases on behalf of customers last year alone.
Employees are the source of the vast majority (85%) of W-2 fraud incidents at companies. That’s because cyber criminals employ sophisticated spear phishing and business e-mail compromise attacks, in which they take over or spoof the email of a senior executive to request sensitive employee tax information.
Still, training to identify such attacks is lagging. Only 45% of companies Experian surveyed made such training mandatory and less than half had any sort of social engineering or phishing training to offer employees.
Check out our full conversation below, or via iTunes.
[soundcloud url=”https://api.soundcloud.com/tracks/310171623″ params=”color=ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false” width=”100%” height=”166″ iframe=”true” /]