Hackers Could Steal Your Income Tax Refund—How They Do It

march 23, 2021 | taxes
Hackers Could Steal Your Income Tax Refund – How They Do It

Welcome to this monthly feature on the IDShield blog. "How They Do It" is geared to give you glimpses into the hidden world of hackers. You'll learn the many ways they operate so you can guard your identity and your assets.

It's income tax filing season, folks, and many Americans are already checking their mailbox or bank balance hourly, waiting for that refund check. Your wait could prove endless if hackers have their sights on your cash. Tax filing rapidly translates into tax fraud for thousands of honest, unsuspecting filers every year.

Would you know if someone had impersonated you to the IRS? This sort of fraud is rampant each spring, and 2021 will be no exception. This year's anticipated surge could be made more complicated due to an IRS that's swamped by stimulus check disbursements on top of their routine work. Help yourself by learning the many ways hackers launch this crime.

Why the IRS Struggles

The IRS is in turmoil and seriously understaffed as they strive to handle stimulus checks in addition to their regular tasks. Taxpayers filed around 168 million tax returns in 2020, and the IRS has not processed roughly 7 million of those tax returns as of February 2021. Millions of taxpayers are still waiting for 2019 refunds! This year, tax filing season opened two weeks late to help the situation, but a backlog still persists. So, a bump in fraudulent tax return success rates seems likely this season.

The formal name for this scam is Stolen Identity Refund Fraud (SIRF), and the IRS criminal investigations staff works diligently to root it out. In the mid-2010s, this scam delivered billions to hackers, prompting the IRS to beef up anti-hack efforts. In 2018, the most recent year evaluated, the agency shut down attempts to steal over $6.2 billion, but still estimates up to $380 million ended up in the wallets of digital bandits. That's progress over 2013 when hackers submitted five million bogus filings and claimed over $30 billion and pocketed almost $6 billion.

The IRS prides itself on prompt refunds—21 days or less is the pledge—but speed may also contribute to unearned refund checks hitting the mail. The IRS may not have the employer data on earnings in hand when processing a return and therefore can't easily check for bogus W-2 forms.

Hacker Data Grabs

Who's behind these schemes? Everyone from auto loan sellers to jail inmates has tried their hands at this scam.

To succeed, the thief needs to collect data. Names, addresses, phone numbers, even email addresses are readily available online. Getting a Social Security number is not difficult, either. Your employer's name or your annual earning details are not even necessary. Thieves simply pull imaginary numbers out of thin air to bump up refund amounts on a bogus W-2 form.

Here are some methods hackers favor:

  • Phishing emails designed to look like their originated from legit businesses to target human resources or payroll workers.

  • Spear phishing emails sent to a specific person known to possess W-2 forms or employee Social Security numbers.

  • Compromising a worker's email account to impersonate top officials and to collect confidential data.

  • Honest tax preparers experience breaches.

  • Dishonest tax preparers share client data.

  • Thieves steal job applications.

  • Payroll firm records are also breached.

  • Health records are compromised.

  • W-2 forms in mailboxes get stolen.

  • Tax forms are diverted with other mail after hackers file a change of address form in your name.

  • Even rogue employees can steal personal info then utilize it to commit SIRF (Stolen Identity Refund Fraud).

In 2018, the IRS issued a special warning about new twists to this threat. The agency warned that bogus refunds were showing up in taxpayer bank accounts. In this case, the miscreant uses your account for the unearned deposit. A single check drawn on your account contains all the needed details. Crooks then call you posing as an IRS collection agent. You're directed to return the funds, but hackers are on the receiving end. When the IRS discovers their error – and they will – you will owe them the money!

On occasion, automated messages you receive allege that you face criminal fraud charges, arrest, and 'blacklisting' of your SSN. That's scary enough. The communication includes a case number and details to refund the cash. Don't do it!

Here's the vital warning one more time: The IRS will never call you initially to discuss a case, but some victims still succumb to these strong-arm tactics.

Detecting Thefts

Unfortunately, the first notice most taxpayers receive that someone stole their income tax identity, comes after they file a return, and the government rejects it as a duplicate. That's one reason hackers file their claims as early as possible.

On occasion, the IRS detects a pattern of questionable returns and halts payment before the money leaves the U.S. Treasury. With an estimated 40% to 65% of Americans now working from home, even more patterns or abuses may crop up.

Identity theft is not an easy matter to clear up with the taxman. There are affidavits to file and extended delays before you can expect a refund. Before stimulus check tasks inundated the IRS, identity theft resolution often took more than 180 days. There's no predicting how long cleaning up this type of theft will take this year.

Be Proactive

Hopefully, you won't experience income tax fraud this year, and now’s the time to establish protections.

  • The IRS encourages all taxpayers to set up an online account at, and you should—before someone else tries to claim one in your name. 

  • The IRS has provided victims of tax identity theft unique PIN numbers for years. Since January, any taxpayer can request this extra identification code to thwart income tax refund fraud.

PIN’s are wholly voluntary but also require a rigorous identification process.

The IRS urges taxpayers to share any bogus emails received that claim to originate from their offices. Forward those to [email protected]. Prosecutions take time, but they do yield results. Hundreds of individuals have already been arrested and jailed since the crackdown on stolen identity tax fraud geared up several years ago.

IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage, and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.

Let IDShield Help Keep You More Secure Today