The day a prepaid paypal MasterCard arrived in the mail, Chicagoan Jonathon Shaw says he was tempted to ignore it.
"I’m thinking—what is this, some kind of signup for a credit card? I was not expecting this card to be in my possession at all,” Shaw told NBC 5 Responds.
Shaw put the card to the side and moved on. But the very next day, that prepaid card became a central focus in a growing mystery in his life: his missing 2016 federal tax refund.
“My refund this year is actually my highest refund that I’ve ever gotten,” Shaw said. “Three thousand, eight hundred and twenty dollars.”
Shaw says he called the IRS when his refund took longer than anticipated, and the answer was worse than he could have imagined.
“The local Chicago IRS agent asked me, ‘What deposit information did you give your accountant? What did you file with?’” Shaw says. When he told them, the IRS rep gave a chilling response. “That’s not who we gave the money to.”
What unfolded in the following days is a scenario law enforcement says is playing out across this country—consumers learning their tax preparers' computer systems were compromised by hackers who intercepted emails, obtained personal information, then impersonated the customers in order to intercept and steal their tax refunds.
The IRS issued a warning about the scam in mid-March. (https://www.irs.gov/uac/newsroom/irs-states-and-tax-industry-warn-of-last-minute-email-scams) Among other recommendations, the agency advised both tax professionals and taxpayers to be wary of last-minute changes regarding bank accounts where refunds would be deposited, and mentioned the rise of fraud involving prepaid cards. The agency specifically warned tax preparers to “verbally reconfirm” any such changes with their clients.
Something Shaw’s tax preparer did not do.
The hackers in this case, apparently lurking in the accountant's email system, intercepted an email in which Shaw says he instructed his tax preparer to use the "same bank info" as last year. The email that popped into her inbox was from an email similar to Shaw's, but with substantially different instructions—to route the money to a new bank account, with the routing and account numbers laid out in the email. She complied, and so did the IRS.
Shaw’s refund was diverted to an account at Bancorp, which issues the PayPal prepaid cards. By the time the official prepaid card reached Shaw's home in Chicago, the thieves had already drained the account of all but two dollars of his $3820 refund. The temporary card they bought to activate the account, plus Shaw’s personal information from the hacked emails, was all they needed.
PayPal declined to answer our questions, as did the card issuer Bancorp Bank. Both companies told NBC 5 Responds to direct questions to Netspend, which calls itself the card “program manager.”
Did Netspend follow its own protocol, as laid out in its user agreement, to protect customers from identity theft?
A spokesperson for NETSPEND told us: “Mr. Shaw’s personal information was accessed through identity theft that is believed to have occurred at his tax preparer, resulting in a fraudulent account being opened with money from his tax refund. We will continue to work with Mr. Shaw, the IRS, and local law enforcement to do everything possible to help him recover the funds that are rightfully his. We understand that the Netspend card was opened fraudulently in Mr. Shaw’s name using his personal information taken from his tax preparer. Mr. Shaw is not responsible for this account and is not subject to the card’s terms and conditions.”
Shaw's accountant says another of her clients was also snared by this scam. She says she does not have insurance to cover cybercrime, though that type of coverage is now available to tax and other financial professionals.
With many unanswered questions, Shaw says he has 3,820 reasons to keep fighting.
“This is $3,820 that is mine and somebody else has it. How did this happen? I want to find this money and I want to figure out who did this.”