HackDig : Dig high-quality web security articles for hacker

Anthem, TurboTax and How Things "Fit Together" Sometimes, (Fri, Feb 6th)

2015-02-07 05:15

Everybody probably heard of the Anthem databreach. If you are affected, you probably got an e-mail from your HR person with some details by now, or you got a phishing e-mail making sure you can enjoy the Breached feeling even without having a health plan with Anthem.

Whenever there is a big event, be aware that others may jump on the coat tails of the news coverage to take advantage of the general confusion. Hardly any Anthem customers actually hear of the name before, as they typically use a local healthplanthat is part of the larger Anthem network.

If you receive any phishing emails (only got one so far, but I bet there are more out there) , then please forward it.

On the same note: What is someone going to do with your social security number? The standard answer is identity theft and taking out a loan in your name. Either method is actually quite laborious, and people comiting fraud dont do it because they like to work hard for their money. Turns out there is an easier way, and that gets us to the second story today:

TurboTax (Intuit) today announced that they will not process state returns due to excessive fraud. Tax season of course is just heating up in the US, and TurboTax decided to stop processing state returns after at least one state refused to accept them due to a high rate of fraud for returns filed with TurboTax.

Apparently, for your convenience, TurboTax saved the information you submitted in prior years. If you have ever filled out a tax return, this information can be difficult to dig up. To retrieve this information, you need your global universal password: Your social security number. The result is that by using Turbo Tax, and knowing a tax filers Social Security Number, fraudsters can very easily assemble a plausible tax return and pocket the refund. This fraud is often undetected until the actual tax payer submits a return. In this case, the later return is rejected and now the legitimate tax payer has to proof that their return is more legitimate then the earlier one. This can lead to extensive delays in receiving a refund.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Source: ssr;pma&99291=diyrots?lmth.yraid/ude.snas.csi

Read:1238 | Comments:0 | Tags:No Tag

“Anthem, TurboTax and How Things "Fit Together" Sometimes, (Fri, Feb 6th)”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud