Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Anthem, TurboTax and How Things "Fit Together" Sometimes - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Anthem, TurboTax and How Things "Fit Together" Sometimes

Everybody probably heard of the Anthem data breach. If you are affected, you probably got an e-mail from your HR person with some details by now, or you got a phishing e-mail making sure you can enjoy the "Breached" feeling even without having a health plan with Anthem. 

Whenever there is a big event, be aware that others may jump on the coat tails of the news coverage to take advantage of the general confusion. Hardly any "Anthem" customers actually hear of the name before, as they typically use a local healthplan that is part of the larger Anthem network.

If you receive any phishing emails (only got one so far, but I bet there are more out there) , then please forward it.

On the same note: What is someone going to do with your social security number? The standard answer is "identity theft" and "taking out a loan in your name". Either method is actually quite laborious, and people comiting fraud don't do it because they like to work hard for their money. Turns out there is an easier way, and that gets us to the second story today:

TurboTax (Intuit) today announced that they will not process state returns due to excessive fraud. Tax season of course is just heating up in the US, and TurboTax decided to stop processing state returns after at least one state refused to accept them due to a high rate of fraud for returns filed with TurboTax.

Apparently, for your convenience, TurboTax saved the information you submitted in prior years. If you have ever filled out a tax return, this information can be difficult to dig up. To retrieve this information, you need your global universal password: Your social security number. The result is that by using Turbo Tax, and knowing a tax filers Social Security Number, fraudsters can very easily assemble a plausible tax return and pocket the refund. This fraud is often undetected until the actual tax payer submits a return. In this case, the later return is rejected and now the legitimate tax payer has to proof that their return is more legitimate then the earlier one. This can lead to extensive delays in receiving a refund.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Defending Web Applications Security Essentials - SANS Brussels September 2019

Johannes

3608 Posts
ISC Handler
The TurboTax point is slightly misleading. From Intuit's press release: "Intuit took the precautionary step Thursday, Feb. 5, of temporarily pausing its transmission of state e-filing tax returns. Intuit will be working with the states today to begin turning transmissions back on"

That said, glad somebody's finally taking notice of this issue and forcing a sanity check.
Anonymous
Maybe it's time for the government and private enterprise to assume all social security numbers are compromised and figure out what comes next re consumer security.
Dean

135 Posts
South Carolina e-filing is working.
Bobby

1 Posts
"...In this case, the later return is rejected and now the legitimate tax payer has to proof that their return is more legitimate then the earlier one. This can lead to extensive delays in receiving a refund..."

And this is one of two reasons I always try to adjust my withholding so I owe the IRS money (but not so much I pay a penalty), not the other way around. Any rational person looking at two returns, one legit, one fraudulent, where one says they get a refund, and the other says they owe the IRS and include some money, can pick out the real one.
R

35 Posts

Sign Up for Free or Log In to start participating in the conversation!