14 DAY TRIAL // Tax accounts of about 100,000 US citizens have fallen into the hands of cybercriminals, who authenticated to an Internal Revenue Service (IRS) system using information from external data breaches.
In an official announcement on Tuesday, the IRS informed that the perpetrators gained unauthorized access to the tax records via the “Get Transcript” application, which requires a person’s social security number (SSN) and answering some personal questions for identity verification purposes.
Financial data protected by poor authentication mechanism
These details are collected by different other organizations in the healthcare, financial or educational sector, who are often the victims of data breaches.
The correct answers to personal questions are not difficult to find since they do not change and are also available from stolen information caches exchanged on underground forums.
Armed with these details, the cybercriminals were able to register an IRS account under the name of a taxpayer and file fraudulent tax return reports, and cash in the money.
A common scheme is to have the funds transferred to someone tricked into believing that the payment is for a previously discussed job. However, the amount is more than initially arranged and the victim is instructed to wire transfer the difference to the crook.
Get Transcript online service offers details about “tax account transactions, line-by-line tax return information or wage and income reported to us for a specific tax year.”
Fraudulent tax returns are far from being uncommon and the business is profitable, as millions of dollars are made.
Illegal registrations started since February
The IRS noticed unusual activity on the application late last week, suggesting unauthorized access. There were 200,000 data access attempts, and about half of them were successful. A review of the incident revealed that cybercriminals resorted to this tactic since February and continued all through mid-May.
The Get Transcript online application is now shut down and it will remain so until modifications to strengthen its security are completed.
The IRS stresses the fact that the incident was not caused by an intrusion on its systems for tax filing submission.
All 200,000 individuals whose SSNs were used to sign up at IRS.gov will be notified that their sensitive information, both personal and financial, has been compromised and used in fraudulent activities.
The 100,000 taxpayers whose tax info was accessed will receive free credit monitoring services to ensure that data is not used for identity theft purposes or other nefarious operations. “The IRS emphasizes these outreach letters will not request any personal identification information from taxpayers,” the government agency informs.
Speaking on the incident, Eric Chiu, president at HyTrust said that threat actors "are on the hunt for our personal and financial information using data stolen from other breaches to gain a larger amount of information on those same individuals. The outcome of this could be devastating to consumers -- attackers can potentially open new accounts, siphon off funds and ultimately steal the identities of the victims."