CHARLOTTE, NC (FOX 46 WJZY) - Crooks are trying to cash in on data stolen from the Charlotte Housing Authority.
A former employee, who wished to stay anonymous, exclusively sent FOX 46 a letter received from the IRS saying a con-artist electronically filed a bogus tax return in their name.
"This is not uncommon," said cyber expert Tom Jelneck. "And it's becoming more and more of a problem with phishing."
The confirmation that identity thieves are trying to cash in through e-file tax returns comes more than a month after FOX 46 broke the story that CHA fell victim to a phishing scam affecting more than 340 past and present employees.
In January, hackers sent an email pretending to be CHA CEO A. Fulton Meachem Jr., requesting all employee W-2's. A staffer turned over the files, apparently without question, containing employee names, addresses and Social Security numbers.
The spoofing attack is so common the IRS has a name for it - "the Business Email Compromise" - and a warning on its website.
"My best advice," said Jelneck, "is to stand your guard; hold onto your personal info like it's gold because it is."
Jelneck says crooks will have the victim's tax refund sent to a different address or bank account.
"Can they be tracked? I think they can," said Jelneck. "But there's so much of it going on how can law enforcement track down everybody?"
Last year, the IRS identified 30,674 fraudulent tax returns worth $961 million, according to a Treasury Department Inspector General report. The report says the IRS prevented $918.6 million, more than 95 percent of that amount, from being paid out.
FOX 46 asked the IRS how they flag fraudulent returns and how likely arrests are in these cases. An official could not comment.
As an extra layer of security, the IRS gives identity theft victims a special six-digit PIN to be used when filing returns. It's likely whoever e-filed the ex CHA employee's return did not include that number.
The IRS was also given the Social Security numbers of all employees affected by the data breach so those returns likely received extra scrutiny.
"We take the personal security of our employees very seriously," said CHA spokesperson Cheron Porter. "CHA is not aware of any (current or former) employees that have had taxes fraudulently filed. CHA followed the IRS' data loss protocol, which flagged all Social Security numbers impacted."
CHA also provided LifeLock identity theft protection to "every employee" affected by the breach, Porter said.