Security News > 2022 > November > Group indicted for breaching CPA, tax preparation firms via stolen credentials
The defendants purchased on the dark web server credentials for the computer servers of Certified Public Accounting and tax preparation firms across the country.
They used those server credentials to remotely and covertly commit computer intrusions and exfiltrate the tax returns of thousands of taxpayers who were clients of those CPA and tax preparation firms.
Members of the enterprise created and operated at least six fraudulent tax preparation businesses in south Florida, and used those businesses to file many of these false tax returns.
To make the businesses appear more legitimate, members of the enterprise opened bank accounts in the names of these fraudulent tax businesses to receive fake "Tax preparer fees." Members of the enterprise also registered with the Internal Revenue Service preparer tax identification numbers using the names and information of identity theft victims, to make it appear that those victims were the individuals who were filing false returns in bulk.
In other iterations of the charged RICO conspiracy, members of the enterprise "Hijacked" the IRS-issued identification numbers of CPA and tax preparation firms and used those identification numbers to file scores of additional false tax returns.
Members of the enterprise filed false self-prepared tax returns using stolen identities as well.