Hackers file fake tax returns in scheme to steal IRS refunds

It may be open season for coronavirus scammers, but tax frauds aren’t letting up, either.

Attackers tried obtaining large tax refunds by posing as clients of Weber and Company, the California-based accounting firm revealed last week. The scammers apparently accessed clients’ personal data — including, perhaps, Social Security numbers and bank account information — and used that to file fraudulent returns, Weber and Company said in a notification to California’s attorney general.

The IRS and the FBI are investigating the matter, the company said.

The number of attempted IRS scams tends to increase every year in March and April in the U.S., as legions of crooks try to steal Americans’ refunds. Earlier this month, the IRS said attackers exploiting the COVID-19 crisis could use stolen data to commit tax fraud. In 2016, the IRS said attackers had attempted to breach its online filing portal and steal Social Security numbers.

For years, lawmakers have debated the proper response to incidents of this kind.

It was not immediately clear who was responsible for the Weber and Company breach, how many people were affected, or how the hackers accessed the personal data. Weber and Company did not respond to a request for comment Monday.

Weber and Company said it implemented two-factor authentication as part of heightened security measures after the breach. It also changed the unique identification number that organizations use to file returns with the IRS.

“Although we are unaware of any acquisition of your information or likelihood of harm to you, we are notifying you of this incident because your personal information was accessible to the perpetrator,” the company said in a letter offering a year of free credit monitoring to clients.