Marketing experts say that there are few words as powerful to persuade as “free.” One enterprising scamster took that concept and ran with it to steal unsuspecting taxpayers’ tax refunds.

While living in sunny San Diego, Maxim Maltsev of Russia, blended the persuasive power of the word “free” with the fact that the IRS has a free electronic tax return filing program, and harnessed the awesome reach of the Internet, to steal tax refunds owed to ordinary taxpayers, looking to get their returns prepared and filed as quickly, easily and cheaply as possible.

Maltsev admitted in federal court in California that he was part of a conspiracy to obtain federal income tax returns requesting refunds before they were electronically filed with the IRS.

The success of the scheme depended upon taxpayers being fooled into using apparently free electronic tax return filing services which were, in fact, fake.

This was possible at all because the IRS sponsors a program called “Free File,” which allows taxpayers who are “eligible” to prepare and electronically file federal tax returns for free. And, most taxpayers are eligible to take advantage of the Free File program.

For example, in 2006, the time period when Maltsev carried out his scam, approximately 70% of all taxpayers were eligible to use the Free File program. Also at that time, there were 19 Free File affiliate companies formally approved by the IRS.

These approved affiliates linked to the IRS’s official website, making possible the electronic filing, and facilitating taxpayers taking advantage of this program.

Maltsev and coconspirators (three friends of his) created websites which appeared to be Free File affiliates. The Maltsev crew then advertised their bogus sites on the Internet and through email. Taxpayers taken in by the scam filled out their income tax returns online on the websites of the fake services Maltsev & company created.

Before actually filing the tax returns with the IRS, Maltsev’s fake services changed the taxpayers’ banking information so that refunds would be sent to one of Maltsev’s own bank accounts instead of the bank account belonging to the actual taxpayer.

Maltsev’s scheme then actually filed the modified tax returns with the IRS by submitting them through the real Free File affiliate websites – those 19 affiliate companies which were actually approved by the IRS.

Ultimately, Maltsev’s scam took in more than 65 taxpayers and it redirected (i.e., stole) approximately $136,000.

In 2009, Matsev was indicted for his 2006 crime, one count of conspiracy to defraud the United States. He pled guilty and was sentenced to 18 months in federal prison and ordered to repay $136,000 to the Internal Revenue Service.

One former employee of American Express has taken its slogan, “Don’t Leave Home Without It,” to a new extreme.

Not only did he or she feel (presumably) obligated to carry his (or her) own card (assuming he or she was a cardholder), but also this ex-employee stole account information of other cardholders, so that the don’t-leave-home-without-it security blanket of one’s own card might be multiplied by that of all the other people’s cards whose information this ex-employee stole.

Unfortunately, for the ex-employee and fortunately for all the other cardholders, this scheme was uncovered and the ex-employee caught. (Question: was the ex-employee still actively employed by American Express at the time he or she was caught?)

Today, some American Express cardholders received a letter with the not-very-encouraging opening sentence:

“I am writing to inform you of an unfortunate issue concerning your American Express Card.”

American Express then explained what it meant by an “unfortunate issue”:

“We recently learned that certain account data was acquired without authorization by an employee who is no longer with the company”

Translation to plain English: when the former employee “acquired” “account data” “without authorization” he or she stole personal information of American Express customers which might be used to fraudulently charge their cards.

According to American Express, the rogue ex-employee stole data stored on the magnetic stripe on the back of the customers’ American Express card:

• the card holder’s name,
• account number,
• card’s expiration date,
• PIN number
• card holder’s state of residence, and/or
• card holder’s residence zip code.

American Express’s bad-news letter, apparently searching for a silver lining, stressed that the card holder’s social security number was not among the stolen information.

In a telephone call with American Express today, a representative named Patty,  gave more information:

• The alleged perpetrator was arrested in Phoenix, Arizona on June 24^th, 2009.
• The stolen information was downloaded to a laptop computer.
• The case is being prosecuted in federal court, not state court.
• Identifying information about the perpetrator (i.e., name, gender, position at Amex when in its employ, job position, title and his or her responsibilities) was not available to the American Express representative with whom I spoke.
• Amex has hired an outside security firm to assist it in dealing with this case (it is not clear who that outside firm is or what it is doing for American Express, but, but Amex has definitely hired somebody to do something).

American Express’s representative stated today that the number of accounts which were affected by this security breach and theft was unavailable.

Later in the same conversation she said that “very few” accounts were affected. But still, the American Express representative did not have any more detailed information to describe how many affected accounts qualified as “very few.”

Internet searches for additional information about this security breach have yielded nothing, so far. Searching the website of the United States Department of Justice for the US Attorney’s Office in Phoenix also showed nothing. No press releases regarding arrests, arraignments, indictments or anything else.