The IRS Breach Worsens as More Taxpayers Learn Their Tax Information Has Been Stolen

Next year, when you go to file your tax return, you may be surprised to learn that it has already been filed for you. That’s because the number of taxpayers who may have been compromised by the May IRS breach has been revised upwards. The IRS first reported that 100,000 tax payers may have been compromised. They now claim, after further investigation, that that number has increased to around 330,000. Don’t be surprised to see this number revised even further upwards as the investigation continues. In compensation, the IRS will mail the victims letters warning them that their personal information may have been stolen. What more can you ask for? As for the hackers, they either have received, or will likely receive, a nice refund in your name. They could also use your information for various forms of credit fraud. But how, you may wonder, did they do it?

Here’s one way. If you want to get a transcript of, let’s say, your last tax return, you can use the IRS’ ‘Get Transcript’ service. You will have to supply some identifying information (name, date of birth, Social Security number and filing status) and answer four more general personal information questions (i.e. a previous address) to do so. This may seem safe until you realize just how much personal information has fallen into the hands of criminals. Although it is impossible to say who may behind the IRS hack, (and the IRS isn’t naming names) my money’s on the Chinese. This is because Chinese hackers are in control of volumes of personal information gleaned from the OPM breach, numerous insurance site breaches, and breaches of educational institutions, among others. The IRS admitted that the attackers probably got information from outside the agency in their official statement which claimed, “the IRS determined unauthorized third parties already had sufficient information from a source outside the tax agency before accessing the “Get Transcript” application. This allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer.” To clear such a hurdle, someone would have had to have a great deal of personal information, and, let’s face it; the Chinese government probably has more personal information on US citizens than anyone besides the US government.

In total, there were over 600,000 attempts at getting into the ‘Get Transcript’ service, so not all of them succeeded. Then again, they don’t all have to. It is important to note that if 600,000 attempts were made (so far) then the attackers must have believed they actually had enough personal information to compromise the ‘Get Transcript’ service. The IRS admits that “some of this information may have been gathered for potentially filing fraudulent tax returns during the upcoming 2016 filing season.” They further warn that “as further analysis is done, we may uncover evidence that personal information of others, such as spouses and dependents of the taxpayers already identified, was also compromised”. In other words, we all have something to look forward to.

WARNING: The IRS has announced that they will notify those affected by the breach. This is a signal for scammers to make up an authentic looking email, seemingly from the IRS, stating that the recipient of the letter is among those whose personal information has been compromised. Receivers of such a scam email may be told to click on an attachment (which may be given the name of an official IRS form) or to visit a website to fill out a form. The IRS states that they will ask for no personal information in their official emails so be careful of anyone claiming to be from the IRS who asks for such information. Some of these phishing emails are designed quite well. Below you can see an example of one of the better phishing attempts from the IRS site.

irs phish

This email could probably fool a few people. The IRS also claims that some phishing emails direct the recipient to access the ‘Get Transcript’ service. Others send the recipient to a page that is a clone of an IRS page, so the unsuspecting can be easily conned. In short, it looks like things will get worse before they get better.

(For more information on hacking and the IRS, see my post on the topic)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s