The IRS have passed the buck again by stating that the recent massive compromise is as a result of customers’ own security failure. They are blaming the taxpayer for weak security and posting their data elsewhere on the ‘net. Also, the breaches have been attributed to phishing e-mails which the IRS says are up by 400% on the last year. A revised estimate issued by them puts the number of people possibly at risk of compromises by data breaches currently at around 720 000. Hackers are using online details and fake IRS/IRS-related e-mails. These phishing attacks are carried out using e-mails that appear to come from either the tax office or a tax-related/IRS certified company, trying to get adequate taxpayer details to file false tax refund claims. The ‘mail has a link that diverts users to a convincing, official-looking ‘site that requests tax related questions. The IRS website informs taxpayers: ‘The IRS does not initiate taxpayer communications through email. Unsolicited email claiming to be from the IRS, or from an IRS-related component such as EFTPS (Electronic Federal Tax Payment System), should be reported to the IRS at firstname.lastname@example.org.’
The on-line ‘Get Transcript’ program that was started two years ago and has been under fraud attack. This is a program that allows a taxpayer to go on-line and examine their tax history. What is needed for this is an E-File PIN and SSN (Social Security Number). Nearly half a million SSN’s were compromised elsewhere last year and the IRS transcript facility was suspended. Many taxpayers who were victims of the various breaches were only aware when their annual returns were rejected because the hackers had already filed one. An undisclosed number of cases, fraudsters successfully received the refunds.
The latest phishing scam comes in an e-mail claiming to be from TAP (Tax Advocacy Panel) that requests information from the user in order to process a tax refund that is owing. This is a great example of the social engineering (or psychological manipulation). It is being used with increasing skill to exploit victims’ basic responses (in this case used to gather the necessary data required for fraud by promising financial reward). TAP are a voluntary panel who help advise the tax service on behalf of general customer needs to improve policies – they DO NOT have access to taxpayers’ records and will NEVER request personal details. Here are ways to safely complete your tax returns:
- Read and bookmark this link , Tax-Scams-Consumer-Alerts and check it regularly;
- Harden Passwords, change them regularly and never duplicate/reuse;
- ALWAYS disable ‘auto-log-in’ if the option is presented on a ‘site;
- Monitor Credit Reports regularly; look for anything suspicious or unusual (a certain number of these are available free each year);
- Ensure security of ALL on-line IRS-related services by researching the company and their credentials fully before sharing any information – if you’re approached first by a firm, this is either ‘spam or fraud – report this to the above IRS address ;
- Scrutinize third party tax-related services, and their on-line facilities regarding security. Does their website have:
lock-out features that allow only a limited number of incorrect password entries? Do they have security questions? Does their website log-in require a hardened password? If the answer is No to these questions, it’s recommended to find the required service provided with better security;
- Carry out email verification – check addresses VERY carefully and delete any unsolicited ‘mail (remember the above IRS statement about ‘mail);
- Your SSN does not need to be given to anyone not IRS-related AND trusted (leave any other forms that request this blank);
File a tax return as early as possible.
Tax costs us enough as it is, but it keeps a country running. Loses due to large-scale theft have to be paid for someway, or services have to be cut. Who pays for this? The taxpayer. Take a little care and don’t let these scumbags profit from your labor!