IRS Reenables Feature That Hackers Used to Steal Tax Returns
In February 2016, the Internal Revenue Service (IRS) estimated that there were approximately 724,000 victims of tax fraud in the 2015 tax-filing season. This is the third revised estimate; in August 2015 they reported some 330,000 tax payers were victimized, up from the May 2015 estimate of 100,000.
The tax refund fraud of 2015 was caused by the “Get Transcript” feature on the IRS website, which allowed taxpayers to receive a copy of their 2014 tax transcript. The IRS suspended this feature after they realized in May 2015, which was when they became aware that “Get Transcript” was actually facilitating cybercriminals by giving them access to sensitive information that they did not already have. All it took was about $10 for the fraudsters to purchase credit data, and they were able to transfer their victim’s refund into a fake bank account, opened with the same data from their $10 purchase.
That is an ROI of 599%. Not a bad investment.
The “Get Transcript” feature remained suspended, until June 9, 2016, when they announced a Grand Re-Opening, complete with added security and authentication requirements. According to their Get Transcript FAQ page.
Additionally, the updated feature will require users to answer more difficult knowledge-based authentication questions.
Are these new security measures strong enough to actually protect tax payers from the fraudsters?
Though it may be a little bit better, it is unlikely to completely deter the hackers, who can still gather the necessary information from credit report sites, who have NOT put any additional verification questions or security in place. In most cases, these sites ask multiple choice whose answers can be guessed, bought cheaply online or looked up on real estate or social media sites.
So while this is a definite step in the right direction, it is unlikely these new measures will prevent future tax refund fraud.
To find out how secure your information is, please give us a call or send us an email. At Petronella, your security is our top priority.