Hackers are using stolen Social Security numbers and bots to steal your money from the IRS’s E-File system.
It’s tax season, and hackers are once again trying to cash in.
The IRS on Tuesday announced that hackers recently attempted to use some 464,000 stolen Social Security numbers and an automated bot to generate E-file PINs, which can be used to electronically file a tax return. The incident occurred last month, and the hackers were able to successfully access an E-file PIN with 101,000 of the SSNs.
“No personal taxpayer data was compromised or disclosed by IRS systems,” the agency said. It is now working to notify affected taxpayers that their personal information was used in an attempt to access the IRS application. The IRS has also flagged accounts to protect against tax-related identity theft.
As Paul Ducklin, a senior security advisor at Sophos, pointed out, fraudsters are likely trying to take advantage of those who have not yet filed returns.
“This is an ideal time for tax refund fraudsters to get stuck in, filing a fraudulent return in your name, understating your income in order to claim a refund, and then scooping up the refund by having the funds diverted out of your account and into theirs,” he wrote in a blog post.
If hackers are trying to use your SSN, Ducklin suggests the IRS will let you “request a special, stronger form of 2FA [two-factor authentication] from the IRS known as the IP Identity Protection PIN (IP PIN).
“Annoyingly, the IP PIN isn’t available to everyone on demand — only to taxpayers who have already suffered some kind of identity breach,” Ducklin wrote. “We think that the IRS ought to let anyone who wants one sign up for an IP PIN.”
Last year, Turbo Tax temporarily halted e-filing for state returns across the U.S. after it found “an increase in suspicious filings and attempts by criminals to use stolen identity information to file fraudulent state tax returns and claim tax refunds.”