States: Spike in Tax Fraud Against Doctors

April 22, 2014 in Security News by News Bot

An unusual number of physicians in several U.S. states are just finding out that they’ve been victimized by tax return fraud this year, KrebsOnSecurity has learned. An apparent spike in tax fraud cases against medical professionals is fueling speculation that the crimes may have been prompted by a data breach at some type of national organization that certifies or provides credentials for physicians.

Scott Colby, executive vice president of the New Hampshire Medical Society, said he started hearing from physicians in his state about a week ago, when doctors who were just filing their tax returns began receiving notices from the Internal Revenue Service that someone had already filed their taxes and claimed a large refund.

So far, Colby has heard from 111 doctors, physician assistants and nurse practitioners in New Hampshire who have been victims of tax fraud this year.

“I’ve been here four years and this is the first time this issue has come across my desk,” Colby said.

In this increasingly common crime, thieves steal or purchase Social Security numbers and other data on consumers, and then electronically file fraudulent tax returns claiming a large refund. The thieves instruct the IRS to send the refund to a bank account that is tied to a prepaid debit card, which the fraudster can then use to withdraw cash at an ATM (for more on how this works, see last week’s story, Crimeware Helps File Fraudulent Tax Returns).

Unlike the scam I wrote about last week — which involved the theft of credentials to third-party payroll and HR providers that are then used to pull W2 records and file bogus tax returns on all company employees — the tax fraud being perpetrated against the physicians Colby is tracking is more selective.

“We’ve done a broadcast to all of the hospital systems in the state, and I have yet to receive one [victim] name from a non-clinician,” Colby said. “And you would think if it was an HR or payroll issue that at least a couple of administrative, non-clinical folks would have been in the mix, but that is not the case.”

AN EPIDEMIC OF TAX FRAUD?

Colby said he’s heard similar reports from other states, including Arizona, Connecticut, Indiana, Maine, Michigan, North Carolina and Vermont.

Elaine Ellis Stone, director of communications at the North Carolina Medical Society, said her organization has been contacted by more than 100 individual doctors and medical practice managers complaining about tax fraud committed in the names of their doctors and other medical staff.

“We’ve been getting a lot of calls from people who’ve experienced this scam,” Ellis Stone said. “We don’t yet know exactly why this type of crime is surfacing so much this year, but we haven’t seen this kind of volume in years past.”

Ellis Stone said that initially, the medical society thought the tax fraud incidents might be related to Medicare’s first-ever release last week of information on payments to some 880,000 medical providers nationwide. As part of that data dump, the Centers for Medicare and Medicaid Services listed the National Providers Identification (NPI) number of each doctor; NPI numbers are used by the federal government to keep track of physicians for Medicare and Medicaid billing purposes.

She said that when her organization initially reached out to the American Medical Association (AMA) to see if they had any theories about the source of the fraud, someone suggested that the recent release of so many NPI numbers may have allowed thieves to somehow look up Social Security numbers and other sensitive data on doctors. But according to Ellis Stone, those NPI numbers have long been available from the U.S. Centers for Medicare and Medicaid.

Robert Mills, the AMA’s media relations coordinator, confirmed that the association is hearing from state medical societies that tax identity theft seems to be a greater problem this year than in the past. But he stressed that this scheme seems to be targeting professionals generally, not just physicians.

That’s my take on this as well: There may indeed have been some kind of breach of a physician database that fueled this year’s fraud surge against doctors, but my hunch is that we might also see the same sorts of stats being gathered by state organizations focused on other professions. In other words, the incidence of this type of crime is likely off the charts this year.

That said, a story I’m working on for later this week will examine tax fraud schemes committed by a crime gang that appears to be disproportionately targeting employees at several state healthcare organizations.

DOUBLE DIPPING

According to a 2013 report from the Treasury Inspector General’s office, the U.S. Internal Revenue Service (IRS) issued nearly $4 billion in bogus tax refunds in 2012. The money largely was sent to people who stole Social Security numbers and other information on U.S. citizens, and then filed fraudulent tax returns on those individuals claiming a large refund but at a different address.

Tax fraud is an especially insidious form of identity theft because thieves often also create new financial accounts in their victims’ names. That’s because the same information used to file tax returns on someone can be useful in opening up new credit card and loan accounts.

“Some of the docs I’ve spoken with also have received notification that someone is trying to set up new bank accounts in their name,” New Hampshire’s Scott Colby said.

What’s more, victims of tax fraud one year may also find they are targeted by thieves again the next tax season.

Gordon Smith, executive vice president of the Maine Medical Association, said his office has heard from approximately 30 physicians in his state about tax fraud over the past couple of weeks.

“Their stories are all very similar,” Smith said. “I talked to one [doctor] who had this happen to him two years in a row now.”

If you become the victim of identity theft, whether because of tax fraud or due to fraud outside of the tax system, you are encouraged to contact the IRS at the Identity Protection Specialized Unit, toll-free at 1-800-908-4490, so that the IRS can take steps to further secure your account.

That process is likely to involve the use of taxpayer-specific PINs for people who have had issues with identity theft. If approved, the PIN is required on any tax return filed for that consumer before a return can be accepted. To start the process of applying for a tax return PIN from the IRS, check out the steps at this link. You will almost certainly need to file an IRS Form 14039 (PDF), and provide scanned or photocopied records, such as a driver’s license or passport.

Verizon: Espionage hacking grows, with more from east Europe

April 22, 2014 in Security News by News Bot

Hacking for espionage purposes is sharply increasing, with groups or national governments from Eastern Europe playing a growing role, according to one of the most comprehensive annual studies of computer intrusions.

Spying intrusions traced back to any country in 2013 were blamed on residents of China and other East Asian nations 49 percent of the time, but Eastern European countries, especially Russian-speaking nations, were the suspected launching site for 21 percent of breaches, Verizon Communications Inc said in its annual Data Breach Investigations Report.

Google to refund buyers of ‘fake’ anti-virus app

April 22, 2014 in Security News by News Bot

Google has decided that a smallish (for The Chocolate Factory) wad of cash is a trivial price to pay for maintaining its reputation, and has begun refunding punters who fell for the fake “virus shield” scam.

Uncovered by Android Police earlier this month, the fake virus scanner was nothing more than an icon that changed shape when a user tapped it.

The app hit the number-one spot on Google Play before decompilation revealed its true nature and it was pulled – but that still meant that at least 10,000 users had paid $US3.99 for the app.

Active malware campaign steals Apple passwords from jailbroken iPhones

April 22, 2014 in Security News by News Bot

Security researchers have uncovered an active malware campaign in the wild that steals the Apple ID credentials from jailbroken iPhones and iPads.

Digging for answers: The “strong smell” of fraud from one Bitcoin miner maker

April 22, 2014 in Security News by News Bot

For many crypto-minded libertarians, Bitcoin is the future of money. But that dream hasn't been helped much by the numerous high-profile legal cases involving the currency in recent years: The Bitcoin Savings and Trust hedge fund collapsed; uncertainty fueled the implosion of Mt. Gox, the currency's largest exchange; and the high-profile Silk Road takedown is a treacherous story combining Bitcoin, drugs, and alleged murders.

Former GitHub CEO leaves the company

April 22, 2014 in Security News by News Bot

Tom Preston-Werner — founder of the immensely popular social coding site GitHub and its most prominent executive — has left the company in the wake of a widely publicized sexual harassment investigation.

GitHub, a tech-industry darling whose coding software is used by millions of developers worldwide, launched the investigation last month after one of the company’s developers, Julie Ann Horvath, quit the company and claimed it had an oversized tolerance for inappropriate behavior.