Connect with us

Cyber Security

Group indicted for breaching CPA, tax preparation firms via stolen credentials

Published

on

United States Attorney Roger B. Handberg announces the partial unsealing of an indictment charging eight individuals with Racketeer Influenced and Corrupt Organizations (RICO) conspiracy.

CPA tax preparation breach

Four have also been charged with wire fraud conspiracy and aggravated identity theft. If convicted, each faces a maximum penalty of 20 years in federal prison for the RICO conspiracy count. They also face a maximum penalty of 20 years in federal prison for the wire fraud conspiracy count and a consecutive 2 years’ imprisonment for the aggravated identity theft count.

According to the indictment and information shared in court, from 2015 through 2019, the defendants and numerous other conspirators – including a now-deceased conspirator who is referenced in the indictment as RICH4EVER4430 – banded together to engage in a sophisticated cybercrime and tax fraud scheme.

The defendants purchased on the dark web server credentials for the computer servers of Certified Public Accounting (CPA) and tax preparation firms across the country. They used those server credentials to remotely and covertly commit computer intrusions and exfiltrate the tax returns of thousands of taxpayers who were clients of those CPA and tax preparation firms. Those tax returns included the clients’ names, dates of birth, Social Security numbers, and financial information.

The defendants and other conspirators formed an enterprise through which they filed thousands of false tax returns in the names of more than 9,000 identity theft victims.

Members of the enterprise created and operated at least six fraudulent tax preparation businesses in south Florida, and used those businesses to file many of these false tax returns. The conspirators directed the resulting tax refunds to debit cards and bank accounts that they controlled.

Also, to make the businesses appear more legitimate, members of the enterprise opened bank accounts in the names of these fraudulent tax businesses to receive fake “tax preparer fees.” Members of the enterprise also registered with the Internal Revenue Service (IRS) preparer tax identification numbers using the names and information of identity theft victims, to make it appear that those victims were the individuals who were filing false returns in bulk.

In other iterations of the charged RICO conspiracy, members of the enterprise “hijacked” the IRS-issued identification numbers of CPA and tax preparation firms and used those identification numbers to file scores of additional false tax returns. Members of the enterprise filed false self-prepared tax returns using stolen identities as well.

To obfuscate their cybercriminal conduct, the conspirators routinely used pseudonyms, opened business entities and bank accounts in the names of nominees and identity theft victims, and conducted their illicit business using dozens of different email addresses. Altogether, the enterprise claimed more than $36 million in false tax refunds over the course of approximately four years. The actual loss amount is still being calculated but is at least $4 million.

Source: https://www.helpnetsecurity.com/2022/11/02/breaching-cp-tax-preparation-firms-via-stolen-credentials/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO