Category Archives: Internal Revenue Service

Student faces two years behind bars for trying to hack into Trump’s tax records

Posted on by

A Philadelphia man has pleaded guilty in connection with a scheme to trick a U.S. government website into serving up the president’s tax returns. Andrew Harris, a student who attended Haverford College, admitted in court last week that he used a school computer and the Free Application for Student Aid website to try to access Donald Trump’s financial records. By opening a FAFSA account in the name of a Trump family member and using Trump’s Social Security number, Harris and another student apparently thought the FAFSA page would populate with Trump’s tax data. The attempt failed when the pair found a username and password for Trump already existed. Harris, 24, pleaded guilty on Sept. 5 to two misdemeanor counts of computer fraud. He faces two years in federal prison and a $200,000 fine. Another man, 22-year-old Justin Hiemstra of Minnesota, pleaded guilty last month. FAFSA is run by the Department of Education, […]

The post Student faces two years behind bars for trying to hack into Trump’s tax records appeared first on CyberScoop.

Continue reading Student faces two years behind bars for trying to hack into Trump’s tax records

Tax prep tools lag in DMARC implementation, advocacy group says

Posted on by

With tax season underway, a cybersecurity advocacy group is warning that vendors of popular tax preparation tools may be unprepared to protect users from phishing scams. Four out of the eight most popular tax preparation software products don’t employ basic protections against email spoofing, according to testing by the cybersecurity nonprofit Global Cyber Alliance. GCA tested the domains of the popular programs to check what settings they employ under the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol. DMARC is an industry standard designed to detect and prevent email spoofing. GCA’s findings, released last week, are as follows: Reject: Liberty Tax Quarantine: Credit Karma, Jackson Hewitt and Tax Slayer None: Free Tax USA and Turbo Tax No policy: H&R Block and TaxAct DMARC has three levels of protection against emails that try to hijack a particular domain. If an organization employs the “reject” policy — the highest setting — a spoofed […]

The post Tax prep tools lag in DMARC implementation, advocacy group says appeared first on Cyberscoop.

Continue reading Tax prep tools lag in DMARC implementation, advocacy group says

IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Posted on by

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.”

In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They’ll call taxpayers who’ve had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency.

This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had “a good number of customers” who had large sums deposited into their bank accounts at the same time. Continue reading IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Watchdog: Despite progress, IRS needs to improve electronic fraud detection

Posted on by

A Treasury Department watchdog says the Internal Revenue Service has made progress in improving its identity management controls for people filing their taxes online, but still has some work to do when it comes to identifying fraudulent profiles and activity. The Treasury Inspector General for Tax Administration (TIGTA), which audits the IRS, released a report Thursday appraising the agency’s implementation and improvement of authentication controls. TIGTA credited the IRS for requiring taxpayers to use two-factor authentication to log on to use the IRS’s online services. The auditor also said the IRS improved its ability to automatically to monitor activity across different systems and detect any anomalies. “Using this tool, the Cyber Fraud Analytics group identified fraudulent activity in which fraudsters improperly used data stolen from sources outside of the IRS to successfully perpetrate a small number of targeted attacks,” TIGTA said. However, the auditor added that those monitoring tools need […]

The post Watchdog: Despite progress, IRS needs to improve electronic fraud detection appeared first on Cyberscoop.

Continue reading Watchdog: Despite progress, IRS needs to improve electronic fraud detection

Thieves Nab IRS PINs to Hijack Tax Refunds

Posted on by

Last year, KrebsOnSecurity warned that the Internal Revenue Service’s (IRS) solution for helping victims of tax refund fraud avoid being victimized two years in a row was vulnerable to compromise by identity thieves. According to a story shared by one reader, the crooks are well aware of this security weakness and are using it to revisit tax refund fraud on at least some victims two years running — despite the IRS’s added ID theft protections. Continue reading Thieves Nab IRS PINs to Hijack Tax Refunds