A May 5, 2015 report detailed that the Internal Revenue Service (“IRS”) has created a new cybercrime investigation team. Based in Washington, D.C., and made up of about a dozen specially-trained agents, the unit will focus exclusively on investigating the rapidly growing instances of identity theft cases in which hackers are stealing information in order to collect victims’ tax refunds. The IRS recently has connected these schemes to $26 million in criminal profits for sophisticated global hacking rings based in countries such as Nigeria, Russia, Bulgaria, Romania, and Latvia.
Over the last fiscal year, virtually all of the 1,063 identity theft cases the IRS criminal investigations unit has initiated have involved a cyber-element. According to the IRS, these cases have nearly quadrupled since 2011. Recent data breaches at health insurance companies and banks may have given cyber criminals enough personal identification information (“PII”) on individuals to file fraudulent tax returns in their names. In addition, email phishing campaigns remain a common method to elicit enough PII for criminals to submit fraudulent tax returns. Victims of these schemes often are unaware that their refunds have been stolen until they file and are told by the IRS that a return under their Social Security number has already been processed and paid. Richard Weber, who heads the criminal investigations unit at the IRS,recently said that as instances of such fraud have increased, “that’s when we really started to look at what else we need to do to make sure that we are investigating the cases the right way,” – in this case – dedicating a specially-trained unit to these types of cases.
With the creation of this unit, the IRS joins the myriad other government agencies dedicating resources to investigating and prosecuting cybercrime. The United States Secret Service, the Department of Homeland Security, theUnited States Immigration and Customs Enforcement, the United States Department of Justice (including the Federal Bureau of Investigation), among other agencies, all have made cybersecurity an enforcement priority.