It’s Very, Very Easy for Hackers to Steal Your IRS Account

The only thing that sucks worse than doing taxes is a hacker stealing your identity, doing your taxes for you, and then depositing your refund in a random bank account, where they can later collect the bounty. Sound impossible? It’s not, according to the story of an unlucky man named Michael Kasper.

Long story short: You should register your IRS.gov account, because it’s frightfully easy for hackers to do it for you. That’s what happened to Kasper, who recently recounted his horror story to veteran security reporter Brian Krebs. An enterprising crook managed to register Kasper’s IRS.gov account, request a transcript for his 2013 tax return, and then use that information to file a 2014 tax return successfully. The money from the return went to the bank account of a random student, who then sent the money via Western Union to Nigeria. She’d been hired off of Craigslist for a moneymaking opportunity and didn’t realize she was doing something illegal. (Pro tip: Assume every "moneymaking opportunity" on Craigslist is illegal unless they can prove otherwise.)

The craziest thing about this saga is just how easy it apparently was to get into the IRS system. It’s not even hacking really, since the only thing protecting the system is so-called knowledge-based authentication (KBA), which verifies identity by asking questions about a person's life. The fraudsters who broke into Kasper’s account did so by guessing some basic information about his life, information that was readily available elsewhere on the web. A security researcher can do the same thing in a matter of minutes.

Click over to Krebs on Security to learn more about Kasper’s sad story. However, since criminals won’t be able to access your IRS transcript if you’ve already secured the account, you should probably head to IRS.gov and register your account to lock things down. And just pray that the tax man ups his security game for next year.

[Krebs on Security]


Contact the author at adam@gizmodo.com.
Public PGP key
PGP fingerprint: 91CF B387 7B38 148C DDD6 38D2 6CBC 1E46 1DBF 22

via Gizmodo