Obama's final budget is full of big, but unlikely to be fulfilled, tax and spending ideas
Full, permanent Internet access tax ban approved

Hackers try, but fail, to get into IRS e-filing PIN system

And the tax hacking continues.

The Internal Revenue Service says that crooks recently unleashed an automated attack upon its Electronic Filing Personal Identification Number, or e-filing PIN, application Web page.

The cybercrime attempt failed.

Robots-using-computersIRS stopped an automated bot attempt by identity thieves to obtain e-file ID numbers that could have been used to claim fake refunds.

As all taxpayers who e-file their returns know, the IRS must verify your identity by your entry of your Self-Select PIN or your adjusted gross income from your prior year tax return. If you don't have either of those pieces of info, you can get an e-filing PIN at IRS.gov so you can electronically submit your return.

Third-party, not IRS, date used: The good news for taxpayers, according to the IRS, is that the hackers did not get their hands on any personal taxpayer data.

The crooks apparently used individuals' personal data, including Social Security numbers, that had been stolen elsewhere, not from the IRS website. The identity thieves then used malware to try to generate e-filing PINs for those ID numbers.

IRS officials say the hacking occurred last month and involved an automated bot. The agency has identified unauthorized attempts involving approximately 464,000 unique Social Security numbers, of which 101,000 were used to successfully generate an E-file PIN. 

Those PINs, however, are now useless, since the IRS blocked the attack.

Commissioner comments: IRS Commissioner John Koskinen, who was at a Senate Finance Committee hearing Feb. 10 regarding the president's fiscal 2017 budget request for the agency,  was asked about the attack.

He told the Senate tax panel that the automated attacks "moved from country to country, as they were shut down, you could see actually the attacks then moving around the world," seeking new ways to get into the IRS system as others were blocked.

"Fortunately with our improved systems we were able to catch it quickly, and shut it down as equally quickly," Koskinen said.

Stay alert for other scams: Although the taxpayer data connected to the ID numbers that were used to create, or try to create, the e-filing PINs is secure, the IRS says it is notifying affected taxpayers by mail -- so ignore any phone calls you might get from tax scammers trying to piggyback onto this latest tax ID theft effort -- that their personal information was used in an attempt to commit tax refund fraud.

The IRS also is flagging these taxpayers' accounts to protect against any future tax identity theft fake 1040 filings.

This latest report of criminal attempts to get taxpayer data comes on the heels of the IRS system shutdown. That event, which lasted around 24 hours starting the afternoon of Feb. 3, was due to a hardware failure and not, says the IRS, connected at all to the e-filing PIN situation.

Last year, another case of crooks using third-party information was more successful. Hackers were able to get into and shut down the IRS' Get Transcript online application

The agency obviously learned from that hack in May 2015. As for this latest, but surely and sadly not the last, security breach attempt, the IRS says it is keeping a keen eye on its e-filing PIN page.

You also might find these items of interest:


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.