Thieves could be spending your tax refund right now, and you wouldn't know it until you try to file your taxes.
It's happening across the country and in the Valley.
Kelli Branscomb and her husband were busy preparing their taxes at their Mesa home.
They used TurboTax online and put bits and pieces of information in, until they were finally ready to file.
But when they did, they got a shock.
"It said pending, which means our return had been submitted to the IRS for acceptance or approval," Kelli told me.
She says someone else used their Social Security numbers.
"We didn't sign it or verify the account number. We did not send out our return," she says.
Also in Mesa, Alisa Scott prepared her taxes using the TurboTax software.
"I got all the way to the end to submit it and immediately it comes back with a message that says the 2013 taxes have already been filed for my Social."
Somehow, someone had taken their information, filed their taxes, and stole their refunds.
In Branscomb's case, thieves took more than $4,000.
Both women say they called TurboTax but didn't get anywhere.
Then they reported it to the IRS.
I talked with Brian Watson, with IRS Criminal Investigations about the problem.
"It's huge. We've had to devote a lot more attention to it."
Watson says the IRS is going after these tax cheats and has been successful.
He read off a list of people charged. One of them had allegedly taken more than 2 million dollars.
On Friday, a Federal Grand Jury indicted a Valley woman, Kimberly Stewart, for multiple counts of tax fraud.
The IRS claims Stewart prepared dozens of fraudulent tax returns and took thousands in refunds that weren't hers.
The indictment even accuses Stewart of filing a tax return for her deceased mother and claiming a refund of more than $6,000.
"This is not just a victimless white collar crime where you just get a slap on the wrist," Watson says.
"They may not physically hurt you, mug you to get the money, but you're going through a lot of stress."
Branscomb is disappointed with TurboTax, saying the company gave her few answers.
She can't say for sure how someone got her information. But says she does believe there should be more required than just a user name and password to get into accounts.
"They don't even need your Social Security number to get in, but once they do get in, they have everything. It's all right there," she says.
That's because past returns can be imported to make it easier when new returns are filed.
"There should be other security measures to get your information. I don't know if it's specific questions. There should be something more."
In an email to Branscomb and shown to us, TurboTax says thieves used a Medford, Oregon computer address.
They say that wasn't enough to trigger additional security questions.
TurboTax sent us several responses:
"Joe, we have proactive monitoring in place and I can tell you definitively that no Intuit (TurboTax) servers were accessed.
Unfortunately, tax fraud is on the rise and IRS has made several public communications on the topic and has tightened its fraud filters to detect suspicious activity. We have done the same to take every possible action to safeguard customer information.
This is a case where an identity thief stole a username/password outside of the tax filing process and then used tax software to file a fraudulent tax return. The foundation for Intuit's fraud prevention program is the safeguarding of our customers' information. We have a proactive fraud risk management process in place to prevent, detect and respond to suspicious and fraudulent activity as we've done here. In addition, we actively collaborate with others in government, IRS and the IRS criminal investigation division as well as the financial services industries to continuously improve our fraud controls."
Watson says the IRS has increased filters to weed out thieves. But he says, checking every detail on every return would take a very long time.
"We could potentially set it up where there would be very little ID theft on tax returns, but would the public be willing to wait six months to get a tax refund. Most people would say no, so we have to walk that fine line," Watson says.
He says the key to protecting yourself, is protecting your Social Security number.
"Sometimes it's the computer sites you go to clicking on links. It could be because you don't have anti-virus software on your computer. Maybe someone broke into your doctor's office and stole medical records that had Social Security numbers. It could happen by a breach at a store where someone hacks in," Watson says.
Both Branscomb and Scott filed complaints with numerous agencies. The IRS is investigating both cases.
The IRS website has more information about tax fraud,