When Ken and Michele Dauber tried to file their tax return in April, the Palo Alto couple learned that someone else had beaten them to the punch. An unknown person had used their identity to claim an $85,000 refund. The Internal Revenue Service was about to cut the scammer a check.
The Daubers were not alone. Palo Alto police have received 17 complaints of identity-theft income-tax fraud so far this year. That's up from 11 for all of 2014, police spokesman Lt. Zach Perron said. Menlo Park police have handled 15 cases so far this year; there were 11 in 2014, police spokeswoman Nicole Acker said.
The Internal Revenue Service (IRS) estimates that $5 billion is lost each year due to tax fraud and improper payments.
The Daubers said they tried to filed their return electronically on April 12, only to be told "they" had already filed.
"They clearly had last year's return to log in (for online filing)," Michele said of the scammers. "The IRS asks questions about your tax filing to log into your identity. You realize, 'Oh my God -- they have all of the info to get credit cards.'"
Someone also tried to get into their bank account about the same time the Daubers were learning of the bogus tax return. Ken had tried to log into their account and was denied access after the credit union detected three log-in attempts with the wrong information, Michele said. The Daubers went to their bank and created passwords with special codes. They prepared their tax return immediately in paper form before April 15 -- they owed money this year -- and mailed it in, she said.
The couple also filed a police report.
Ken said in the future he will file paper returns or use the IRS online filing system. The IRS will provide a PIN number associated with their return to identify the filer.
"We have this very leaky data system in this country. Everybody is vulnerable. Part of the problem is the big actors -- the credit-card companies -- are economically dependent on the free flow of your information. They don't have any incentive to make things more secure," he said.
One thing he learned through the experience: The later one files, the more vulnerable one becomes because the chances are the scammers will have filed before the taxpayer.
"If you're filing on Jan. 1, no one can file before you. That's definitely a lesson I'm going to take," he said. He also thinks everyone should have a security freeze on their credit reports, designed to prevent new credit or service accounts from being opened in their name, he said.
Diane Carlini, a spokesperson for Intuit, the makers of Turbo Tax software for tax preparation and filing, said that phishing is a major trend among scammers to get a victim's information.
Phishing emails, phone calls and letters often purport to need information from the victim and can be disguised as coming from a bank, social networking site or even the IRS. The scammer may add malicious programming to steal vital information off of computers, smart phones and laptops. Carlini said storing personal and financial documents on a laptop is not a good idea because the devices are not secure.
Microsoft offers a tutorial on how to recognize and avoid phishing (tinyurl.com/3c2axs8).
Intuit also has a webpage about what to do if one suspects one's IRS account has been compromised (tinyurl.com/lprqryt).
The company added multi-factor authentication to customers who used Turbo Tax. The customer must answer a series of security questions and take other steps to gain access to their information. Customer data is stored online and held in a safe and secure environment. The company's security team continuously evaluates threats, she said.
Warning signs of fraud include if a taxpayer receives an IRS letter or notice that states: more than one tax return was filed using a Social Security number; that one owes additional tax, refund offset or have had collection actions taken for a year the taxpayer did not file a tax return; IRS records indicate that the taxpayer received wages from an employer they do not know. The agency has an online tutorial for identity-theft victims who find that their tax returns were already filed: irs.gov/uac/.
Intuit notes on its webpage that the IRS might send a letter called Letter 5071C asking the taxpayer to verify his or her identity, but it will ask the taxpayer to confirm it through a phone number or the IRS Identity Verification Service.
"The online service will ask you multiple-choice questions to verify whether or not the tax-return flagged for further identity verification was filed by you or someone else. The IRS only sends such notices by mail. The IRS will not request that you verify your identity by contacting you by phone or through email. If you receive such calls, they are likely a scam," Intuit noted.
Taxpayers who find themselves victims of the tax-filing crime don't have to repay the stolen money, but they won't receive a tax refund until the IRS has wound up a lengthy investigation. The IRS claims it resolves most cases within 120 days, but a 2014 Taxpayer Advocate Service annual report to Congress found the average time for a case to resolve was 179 days, or six months.
"All that means is that it took 120 days for Accounts Management to resolve one module. It does not mean all of the victim's tax issues were resolved in 120 days," the report noted.
And 22 percent of the "closed" cases still required additional steps to resolve taxpayers' identity-theft issues.
As for the Daubers, they said their brush with the tax scammer has turned out OK: Despite the identity theft, they are squared away with the IRS for this year.