ID Thieves Use IRS’s Own Website to Snare Victims
Posted June 11, 2015
Security Expert Brian Krebs Says 100,000 Taxpayers’ Info Compromised by Cyberthieves Using IRS’s “Get Transcript”
If the feds are looking for the cybercriminals who used the “Get Transcript” feature on the Internal Revenue Service’s website to steal fraudulent refunds, we have a partial description. Look for somebody with the nerves of a cat burglar and conscience of an able-bodied driver who parks in a handicapped zone. Oh, and that somebody (or a group of somebodies) would likely be sporting $50 million — the amount it’s thought the criminals made off with in fraudulent refunds.
On his blog — KrebsonSecurity — Brian Krebs cites an Associated Press story that says the IRS was alerted to the thieves when technicians noticed an increase in the number of taxpayers wanting transcripts from “Get Transcript.”
According to Krebs, the IRS told the AP that from February to mid-May, “200,000 attempts were made from questionable email domains, with more than 100,000…successfully clearing authentication hurdles.”
To get the full story from Brian Krebs including his interview with John Valentine, chair of the Utah State Tax commission, go to his blog, KrebsonSecurity.