TurboTax fraud uncovered in U.S. couldn't happen here, CRA says
Software maker Intuit says fraudsters stole people's identities to hack into tax files
Fraudsters are using TurboTax to hack into tax filings in some U.S. states, but the popular tax program's maker says that's not a problem that could happen in Canada.
The Canada Revenue Agency confirmed it is aware of problems with TurboTax filings in the U.S., but a spokesman said the same problems couldn't happen here because the tax-filing model is different.
There have been no cases here of similar fraud, he said.
Intuit Inc., the maker of TurboTax, said it is working with state agencies in the U.S. to address suspicious.
Fraudsters are able to get into the accounts of people who file their taxes electronically by buying names, addresses and other personal information from other cybercriminals, said company spokeswoman Julie Miller.
Fraudsters then file a false return that qualifies for a refund, changing the mailing address or the bank account information of the tax filer so they can claim the return, she said.
"It's really linked to the rise of identity theft. In this situation, the fact is that so much data is available to fraudsters that they can use your identity to try to break into the account," she said.
Identitifying information sold online
The hackers may be able to get into accounts because the password is too simple – such as 1234 – or because it is based on personal information, such as child's name or your birthday.
The problem is "contained to the U.S. only," she said. "In the U.S., tax fraud is on the rise."
She said TurboTax itself has not been hacked and it has robust encryption and security in place, similar to that used by banks.
In Canada, because of different procedures at the Canada Revenue Agency, this kind of fraud isn't possible, Miller said.
For example, a mailing address on file for a taxpayer at the CRA cannot be changed through a TurboTax file, so a refund cannot be redirected.
Intuit said it took a precautionary step Thursday of temporarily pausing its transmission of state e-filing tax returns for some state agencies while it investigated the problem with a security expert. The U.S. Internal Revenue Service was not affected.
Most victims found out that a fraudulent tax return was submitted in their name when they received a rejection notice after filing their returns, Miller said.
With files from The Associated Press