Intuit halts TurboTax filings after states spot mass tax fraud scheme

Identity thieves skimming gov't cash via bogus tax returns


Accounting software maker Intuit has temporarily suspended the ability of its TurboTax software to electronically file US state income tax returns following reports of widespread suspicious activity.

"During this tax season, Intuit and some states have seen an increase in suspicious filings and attempts by criminals to use stolen identity information to file fraudulent state tax returns and claim tax refunds," the company said in a statement on Friday.

The move comes a day after the state of Utah first noticed the potential fraud and issued a news release [PDF] about it, prompting the state of Minnesota and the District of Columbia to both temporarily stop accepting tax returns filed using TurboTax.

"To this point, 28 fraudulent filings have been identified, though the Tax Commission has flagged 8,000 returns as potentially fraudulent," Utah's tax collection agency said. "Utah taxpayers who filed state income tax returns electronically prior to 2014 through third-party vendors are potentially affected."

The new scare comes hot on the heels of news that Anthem, the US's second largest health insurance firm, recently suffered a data breach that leaked sensitive information from the accounts of millions of customers – including data that could potentially be used to file fraudulent tax returns.

Intuit said the issue only involves state income tax returns and not federal returns filed with the Internal Revenue Service.

Currently 43 US states collect income tax on top of the taxes imposed by the federal government. Filing requirements vary by state but individuals must typically file both returns for a given year by April 15 of the following year.

Only TurboTax appears to be affected for now. National tax preparation chain H&R Block told USA Today that it has "no indication this issue exists" with its own online tax return services and that it's still processing both federal and state returns as usual.

Intuit says it's working with state governments to address the issue and that service should be restored at some point on Friday.

"We've identified specific patterns of behavior where fraud is more likely to occur," said Intuit CEO Brad Smith. "We're working with the states to share that information and remedy the situation quickly."

The company said any customers who have already filed state tax returns with TurboTax will have their returns transmitted to state governments "as soon as possible" once the issue is resolved.

Intuit is also offering free tax preparation, credit monitoring, and identity protection services to customers who believe they are the victims of tax fraud. ®

Broader topics

Narrower topics


Other stories you might like

  • State of internet crime in Q1 2022: Bot traffic on the rise, and more
    According to this cybersecurity outfit that wants your business, anyway

    The fraud industry, in some respects, grew in the first quarter of the year, with crooks putting more human resources into some attacks while increasingly relying on bots to carry out things like credential stuffing and fake account creation.

    That's according to Arkose Labs, which claimed in its latest State of Fraud and Account Security report that one in four online accounts created in Q1 2022 were fake and used for fraud, scams, and the like.

    The biz, which touts device and network defense software, said it came to this conclusion after analyzing "billions of sessions ... across our global network" during the first three months of the year. These sessions apparently spanned account registrations, logins, and interactions with financial, ecommerce, travel, social media, gaming, and entertainment services. Take all these numbers with a grain of salt as ultimately Arkose wants you to buy its stuff to prevent all this kind of crime.

    Continue reading
  • US recovers a record $15m from the 3ve ad-fraud crew
    Swiss banks cough up around half of the proceeds of crime

    The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.

    "This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York," US Attorney Breon Peace said in a statement

    The action, Peace added, "sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world."

    Continue reading
  • China reveals its top five sources of online fraud
    'Brushing' tops the list, as quantity of forbidden content continue to rise

    China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.

    The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or are only delivered after buyers are asked to perform several other online tasks that may include downloading dodgy apps and/or establishing e-commerce profiles. Victims can find themselves being asked to pay more than the original price for goods, or denied promised rebates.

    Brushing has also seen e-commerce providers send victims small items they never ordered, using profiles victims did not create or control. Dodgy vendors use that tactic to then write themselves glowing product reviews that increase their visibility on marketplace platforms.

    Continue reading
  • TurboTax to pay $141m to settle claims it scammed millions of people
    Might be a $30 check for you if you were screwed over by 'free, free, free' ads

    Intuit will cough up $141 million in settlement costs and has promised to not make any misleading claims about its supposedly free tax-filing software, prosecutors in the US announced on Wednesday.

    Attorneys General Letitia James in New York and Herbert Slatery III 1in Tennessee led efforts to sue Intuit for allegedly scamming taxpayers with false advertising. All 50 US states plus the District of Columbia joined the lawsuit, and accused the tech giant of luring people into using its TurboTax software on the false pretense it would be free.

    This legal action followed a probe by ProPublica in Intuit's allegedly unfair trade practices.

    Continue reading
  • Another ex-eBay exec admits cyberstalking web souk critics
    David Harville is seventh to cop to harassment campaign

    David Harville, eBay's former director of global resiliency, pleaded guilty this week to five felony counts of participating in a plan to harass and intimidate journalists who were critical of the online auction business.

    Harville is the last of seven former eBay employees/contractors charged by the US Justice Department to have admitted participating in a 2019 cyberstalking campaign to silence Ina and David Steiner, who publish the web newsletter and website EcommerceBytes.

    Former eBay employees/contractors Philip Cooke, Brian Gilbert, Stephanie Popp, Veronica Zea, and Stephanie Stockwell previously pleaded guilty. Cooke last July was sentenced to 18 months behind bars. Gilbert, Popp, Zea and Stockwell are currently awaiting sentencing.

    Continue reading
  • Intuit sued over alleged cryptocurrency thefts via Mailchimp intrusion
    Financial software giant slammed for 'poor security practices'

    Intuit is being sued in the US after a security failure at its Mailchimp email marketing business allegedly led to the theft of cryptocurrency from one or more digital wallets.

    In a proposed class-action lawsuit [PDF] filed in federal court in northern California on Friday, the plaintiff – Alan Levinson of Illinois – claimed he and potentially others fell victim to a sophisticated phishing attack in which their Trezor cryptocurrency wallets were unlawfully accessed and funds siphoned.

    Someone earlier stole from Mailchimp details of Trezor's mailing-list subscribers, and used this information to reach out to those users with an email engineered to trick them into installing malware designed to hijack their digital wallets. Levinson said he believes millions of dollars in crypto-coins were stolen in this attack, including $87,000 from his own wallet.

    Continue reading
  • US appeals court ruling could 'eliminate internet privacy'
    Tech terms of service dissolve Fourth Amendment rights, EFF warns

    The US Ninth Circuit Court of Appeals on Wednesday affirmed the 2019 conviction and sentencing of Carsten Igor Rosenow for sexually exploiting children in the Philippines – and, in the process, the court may have blown a huge hole in internet privacy law.

    The court appears to have given US government agents its blessing to copy anyone's internet account data without reasonable suspicion of wrongdoing – despite the Fourth Amendment's protection against unreasonable searches and seizures. UC Berkeley School of Law professor Orin Kerr noted the decision with dismay.

    "Holy crap: Although it was barely mentioned in the briefing, the CA9 just held in a single sentence, in a precedential opinion, that internet content preservation isn't a seizure," he wrote in a Twitter post. "And TOS [Terms of Service] eliminate all internet privacy."

    Continue reading

Biting the hand that feeds IT © 1998–2022