IRS Breach – What To Do

irs-logoAs you have already heard, cyber-thieves from Russia have compromised the IRS Get Transcript website and were able to get records of previous years’ tax filings in order to file fraudulent returns and collect refunds.  What was special about this heist is that the IRS servers were not breached directly, but that the attackers were able to use data gathered elsewhere, from lists of identity information bought on the Dark Web, and from other sources.  The records on the IRS site were accessed one-at-a-time rather than in the typical batch exfiltration mode.  Currently, the Get Transcript site is closed and transcripts can only be ordered by mail.  The IRS said on their website:

“These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer.

The IRS will provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed. In total, the IRS has identified 200,000 total attempts to access data and will be notifying all of these taxpayers about the incident.”

Some of the necessary information was acquired by reading a targeted individual’s social networking sites, and from there sites that are publicly accessible.  The takeaway here is that we need to be more mindful of the information we are sharing with our friends, connections, and circles online.  Some of this information is making it trivially easy for a cyber-attacker to access the online accounts of specifically targeted individuals.  We see this coming to play in spearphishing campaigns, where the attacker uses information gathered online to customize the approach email in order to make it more convincing.

The problem with tax refund fraud is two-fold.  The first obviously is the loss of revenue to the taxing authorities.  States’ Department of Revenue are experiencing a doubling of fraudulent claims this year over last year.  The second problem is that if a fraudster has filed a tax return in your name, when you file your legitimate return, the IRS or State Revenue Department will reject your filing, and any refund due you will be tied up in a lengthy fraud mitigation process.  One thing you can do as a filer is get your tax records organized and file your return as early in the year as soon as possible.  If you are contacted by the IRS, you should also sign up for the credit monitoring service.

More information:

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.