Hackers file fake tax returns in scheme to steal IRS refunds

It may be open season for coronavirus scammers, but tax frauds aren’t letting up, either.
tax preparation, tax refund, IRS, tax scam, tax fraud
(Getty Images)

It may be open season for coronavirus scammers, but tax frauds aren’t letting up, either.

Attackers tried obtaining large tax refunds by posing as clients of Weber and Company, the California-based accounting firm revealed last week. The scammers apparently accessed clients’ personal data — including, perhaps, Social Security numbers and bank account information — and used that to file fraudulent returns, Weber and Company said in a notification to California’s attorney general.

The IRS and the FBI are investigating the matter, the company said.

The number of attempted IRS scams tends to increase every year in March and April in the U.S., as legions of crooks try to steal Americans’ refunds. Earlier this month, the IRS said attackers exploiting the COVID-19 crisis could use stolen data to commit tax fraud. In 2016, the IRS said attackers had attempted to breach its online filing portal and steal Social Security numbers.


For years, lawmakers have debated the proper response to incidents of this kind.

It was not immediately clear who was responsible for the Weber and Company breach, how many people were affected, or how the hackers accessed the personal data. Weber and Company did not respond to a request for comment Monday.

Weber and Company said it implemented two-factor authentication as part of heightened security measures after the breach. It also changed the unique identification number that organizations use to file returns with the IRS.

“Although we are unaware of any acquisition of your information or likelihood of harm to you, we are notifying you of this incident because your personal information was accessible to the perpetrator,” the company said in a letter offering a year of free credit monitoring to clients.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts