Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

Fraudsters Who Abused IRS “Get Transcript” Service Plead Guilty

Several people have pleaded guilty to their roles in tax fraud schemes involving the Internal Revenue Service’s “Get Transcript” database.

The “Get Transcript” online service was launched in January 2014 to allow users to view and download their tax transcripts. The service was shut down in May 2015 after the IRS discovered that it had been abused by fraudsters.

Several people have pleaded guilty to their roles in tax fraud schemes involving the Internal Revenue Service’s “Get Transcript” database.

The “Get Transcript” online service was launched in January 2014 to allow users to view and download their tax transcripts. The service was shut down in May 2015 after the IRS discovered that it had been abused by fraudsters.

When it decided to shut down the system, the IRS said fraudsters had used information stolen from other sources to access the Get Transcript accounts of over 110,000 taxpayers. The number later increased to 330,000 and, in February, the IRS reported finding 724,000 affected accounts.

Some of the people behind these tax fraud schemes have been identified and indicted. Over the past couple of months, four of them, three from Georgia and one from Miami, pleaded guilty to the charges brought against them.

The guilty plea of 26-year-old Miami resident Marvin Ricardo Herard was announced by the Justice Department on March 1. Herard pleaded guilty to one count of wire fraud, one count of possession of unauthorized access devices, and one count of aggravated identity theft after investigators found more than 1,150 unique personal information records, including social security numbers (SSNs), in his email account.

According to prosecutors, an email address controlled by Herard was used to access 22 accounts in the Get Transcript service. The IP addresses he used had been observed filing over 100 fraudulent tax returns seeking more than $500,000 in refunds, of which the IRS paid out $172,000.

Georgia resident Rapheal Atebefia, 33, pleaded guilty to one count of money laundering in March. Atebefia had worked with a Georgia couple, 42-year-old Anthony Alika and 27-year-old Sonia Alika, who last week pleaded guilty to one count of conspiracy to commit money laundering, respectively one count of illegally structuring cash withdrawals to evade bank reporting requirements.

Authorities said Anthony Alika and Atebefia obtained personally identifiable information (PII) and used it to access the IRS’s Get Transcript database. Using the stolen identities, they obtained prepaid credit cards from stores in multiple states, filed false income tax returns, and directed the IRS to deposit the refunds to their cards. Sonia Alika’s role in the scheme was to withdraw the money. She admitted withdrawing over $250,000 from multiple bank accounts she controlled — the amounts never exceeded $10,000 to evade bank reporting requirements.

Herard faces a maximum statutory sentence of twenty years in prison for the wire fraud charge, ten years in prison for the access device charge, and a mandatory term of two years for aggravated identity theft. Anthony Alika and Atebefia each face up to 20 years in prison, while Sonia Alika faces up to 10 years in prison.

Get Transcript is not the only IRS service abused by fraudsters. In February, the agency reported that identity thieves abused its Electronic Filing PIN application to generate PINs for stolen SSNs. In March, the IRS suspended its Identity Protection (IP) PIN tool to strengthen its security.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.

Application Security

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...