I don't get it!

If the bogus returns were filed using Drake then even if the crook tries to hide IP, Drake has to allow that person access to E-File using a valid EFIN?

Drake did authenticate all the EFINs at the start of the season.

So in my mind the only way a crook could get in and e-file using a valid EFIN belonging to another preparer is that they have the Drake software and they know the password of the legit EFIN user. Remember that in Drake software you have to enter your EFIN and the password that you created to access your account to E-file.

How about changing the password of the legit Drake user's account and see if this problem continues.

The unauthorized use of my EFIN occurred at the end of last year. The person filed 109 returns using my EFIN at the time. I didn't discover it until January when I logged in to Drake support to get a list of my e-filed returns. That's when I saw all the fraudulent ones listed, and I freaked out. Drake told me to call the IRS and get my EFIN deactivated and get a new one, then FAX the authentication to Drake. I tried to report the fraudulent activity to the IRS at that time, but they didn't want to know about it. I even tried the fraud dept and they didn't even want to know about it. Three different people at IRS told me that there was no way that anyone could get hold of my clients' info just by having my EFIN and somehow being able to successfully e-file with it, so I finally decided to believe it. But somebody got the info and is using it to e-file fraudulent returns again this year, but they are not doing it through Drake because that got stopped when I got my new EFIN and changed my password. I've actually changed my password twice since, because I'm freaked out about somebody getting in again and I want to be hard to track.

So it was last year that the EFIN got misused, but at that time the person didn't have my clients' info, or rather they probably had it but I'd already filed them, which is how he got the info I suppose. This year it's my former clients who are getting rejected but new ones aren't because the crook didn't have access to their info. Now with all these rejects I'm starting to worry that somebody will find a way to get my new clients' info, too. I got so freaked out that when I got calls of people looking for a tax preparer, I told them I was booked. Actually, I am, because I'm a sole proprietor with no employees preparing tax returns and putting out fires and counseling my victims of identity theft, all while doing my own investigation of a federal crime.

Being new to Drake for 2012 returns filing in 2013 - some of what is posted seems to be "maybe" a security breach, Drake start of 2014 for 2013 Filings was asking for a lot of user's to furnish the documentation for EFIN -- as in now! I know I had to furnish for first time use on Drake last year on my original sign up - but nothing for this year.

How information from Drake might have been hijacked I don't know - it worries me now and how secure we are with our information submitted to our software providers.

Any more thoughts and experiences would be greatly appreciated.

Sandy

Manyhappyreturns, I think your original posting was a bit confusing because it led us to believe that the crook is e-filing through Drake for 2014 tax season. Now that you have clarified that it happened last year it appears to me that someone (perhaps an ex employee or asociate or even a rogue employee at some transmitter) got hold of your client list including ss# and they are e-filing through another software NOT Drake for 2014 season.

Am I to understand that any new client that you did not file last year is ok. filing via Drake this year? If yes that wil prove someone got hold of your old client list.

Did you get any virus or Trojan horse infection on your computer last year? It is possible a crook downloaded your entire client database?

If you got virus or trojan horse infection, please have your computer professionally treated. Some of these nasty bugs hide and only pup up when you are not looking. Those free anti virus software are no match.

How it all unfolded

Sorry about the confusion from my 1st post, but when I wrote that, I was just starting to see a possible problem and wasn't connecting it yet to what happened last year. The person who hijacked my EFIN last year filed fraudulent returns, but none of them were my clients. I didn't discover it till early January when I logged on to get a database list to prepare for 2014 tax season. I had 3 different people at the IRS assure me that there was no way anyone could have gotten my own clients' info just by somehow managing to file returns using my EFIN. None of them wanted the list of names and socials that were fraudulently filed. I found this strange but I have never understood the ways of the IRS, so I moved on. I had plenty to do anyway. They told me all was safe now that I had deactivated my old EFIN and had a new one. I changed my password at that time for e-services and Drake, just in case.

My tax filing season started out normal. Then on Feb 4 I had my first reject due to duplicate return. I made sure it was the correct SSN and that it wasn't me filing twice. I'd had 2 of these before, 1 in 2012 and 1 in 2011, so I was familiar with the general procedure and I called the client in to do the necessary steps. Then on Feb 8, my 2nd one came along and I thought that was strange but everybody was saying that ID theft is multiplying rapidly. Okay, bummer, but got to take care of this one, too. That's when I started posting on the Drake forum. I got a few answers from people, but still it could have been that ID theft is indeed getting more rampant. Then 2 more came on the 10th, and I started thinking this was not normal, and after that, my timeline is kind of a blur because I was figuring out that somehow I'd been targeted and all my clients' info had been compromised.

Since then I've been on the phone to several IRS people, several Drake support people, other tax preparers, and getting feedback and suggestions on this board and the Drake forum, and like I said, my timeline is all kind of a blur because this is very upsetting. Also during this time I've had 4 more rejects and have had to take care of them, all while trying to get as many tax returns done as possible to see how big the scope of this breach really is. I've been so emotionally distraught that I have missed obvious clues along the way, like the fact that my EFIN was used last year to file THROUGH Drake, so maybe that's where the breach was. This could have all been allowed through one person's inadvertent carelessness, or by a rogue employee (present or past) of the IRS or Drake, or anywhere along the way I suppose.

My attempts to get to the bottom of this have all proved fruitless, but of course it's difficult to track down a cyber criminal, especially one as smart as this one appears to be. He knows how to block his IP address and knows how the tax system works and knows how to navigate in Drake software and to e-file in other ways as well. I feel so violated and I feel so badly for all my innocent clients.

It seems like the IRS should be interested in helping get this stopped before this person does further damage, or at least helping protect my clients from further damage. Now that the rejects are coming in at a greater percentage, which I believe is rapidly getting to the 100% if not already, maybe they will listen and flag all of my clients' SSNs. As of 2 days ago when I had 6 rejects, they wouldn't. Now I have 8, and I'm going to file as many as I can in the next couple of days so I have a better case to present. But I only have 5 or 6 who will be ready to file soon. Not sure if that is enough to have solid case.

Well, I've got work to do, so I'd better get going. I will surely welcome any suggestions and any prayers

many unhappy returns

WOW your story is disheartening! Your clients that are being rejected this year will NOW have to wait between 6 months and 1 yr for their refunds once they go into the identity theft "program" with IRS? I believe someone earlier suggested contacting your Congressperson and I think THAT is your best bet at this point! Let them know the scope of the problem and how many of their constituents are being affected!! I am experiencing my 1st case of ID theft on a return this year! You would think it would be very easy to track back to where a refund went but IRS says "you will never know if or when we resolve this issue with the thief"! In the meantime, NO we can't get your legitimate refund to YOU any sooner?!?!?!?

more like many unhappy clients

And one very unhappy preparer. This is awful. Thanks so much everybody for your support and encouragement and advice. This is what I do when I can't sleep at night, which is every night these days. One good thing that has come out of this is that I've lost 10 lbs in the last week, although I wouldn't recommend this for a diet plan. I'd much rather be fat than be dealing with this.

Ok. Here is what I think is going on:

1) The crook got your prior EFIN and filed returns using that BUT none of them were your clients. Just your EFIN was used to file through Drake. That is how you figured out that you were hijacked when you printed your e-file list in 2014.

2) Drake made every preparer submit ownership of their EFIN. So that took care of the crook NOT repeating the same BS through Drake.

3) 2014 season the crook is e-filing using some other EFIN (because your original EFIN was deactivated by IRS) using some other transmitter BUT now he is filing your clients.

This leads me to conclude the crook somehow managed to get hold of your client database and knows the ss# and other filing details to file bogus returns.

How could this happen. Possible scenarios:

1) Physical breach of your computer. Someone logged in and downloaded your client files.

2) A rogue ex employee somewhere in the pipeline who had access to your client database in electronic format.

3) A hacker who planted a Trojan Horse or Keylogger type program to siphon off your data files.

I think to make sure #3 has not happened, I would reinstall my entire operating system and programs clean. I have done that myself few times when I suspected virus infection or other slowness of my system. If you are not up to it, get a computer nerd to do it for you.

If IRS really wanted to find out what is happening, they should be able to link the ss# of the client to the EFIN that submitted the bogus return to the Submitter ID of the transmitter and at least find out where the returns are being filed from. The transmitter must get adequate proof beforing letting someone e-file through them.

Does a Transmitter (Drake in this case) keep a copy of an EROs client files in their system? If they do not, then it would be unlikely a crook would accumulate all the EROs client data from the Transmitter.

Obviously they do or manyhappyreturns wouldn't have been able to see the 100 bogus returns submitted through their account last year on Drake's website (I would guess some kind of report they have?)

I have not heard of any other program provider request ERO verification. Drake may have a problem and not telling anyone??????????????????

Taxwise (CCH) was doing that last year. And I believe I saw a notice from TaxAct to its users to submit verification of EFIN.

I think it would be negligence on part of a transmitter to not demand proof of EFIN ownership.

EFIN verification is not specific to Drake. They're all supposed to do it. See the 12/12 alert: http://www.irs.gov/pub/irs-utl/Quick...ember_2013.pdf

ERO verification

It's my understanding that most providers ARE requiring annual ERO verification ??

Seriously doubt if Drake is doing such on their own. . .

FE

Taxact did make users send in verification.