This is not the first time in recent months that the IRS has disabled the e-File PIN as the result of suspicious activity.3
As of January 2016, the IRS detected an automated attack against its e-File PIN application.4
The January 2016, e-File PIN attack involved hackers collecting personal information from other sources and then using the Social Security Numbers of those people to generate e-File PINs.5
According to the IRS, approximately 464,000 Social Security Numbers were involved and the hackers successfully generated e-File PINs for 101,000 Social Security Numbers.6
The IRS had already been considering scrapping the e-File PIN application at some time in 2016, but the integration of a number of commercial tax applications with e-File PIN led to the IRS choosing not to do away with it after the first reported attack against the application earlier this year.7
How Can You Protect Yourself?
One of the key findings in the IRS alert released on June 24, 2016, is that in the January 2016, attack, the criminals used information they obtained from other sources to attack the e-File PIN.8
Information that the hackers used included:
Ask yourself how many of the above things can be found about you online. Think about the information you share on websites like Facebook, LinkedIn, Twitter, and Instagram. If the above information is available on any of your online accounts then you are making it easier for hackers to use your information in attacks. Remember, hackers can obtain this information from other sources too. One non-cyber way hackers can collect information to use in a follow-on cyber attack is impersonating the IRS during phone calls.14
Of course hackers can attempt to collect information about you through a variety of media including phone calls, text messages, emails, and faxes.15
Here are some extra tips on how to keep yourself safe.
- Limit the amount of information you provide to websites.
- When you provide personal information to websites make sure you are on an encrypted connection.
- Do not do any sensitive work (filing your taxes, accessing your bank account, or paying for things online) on the same computer you do heavy web browsing.
- Regularly update your anti-virus.
- Regularly run full anti-virus scans of all of your systems (computers and phones).
- When a virus is found on your computer, immediately take appropriate security steps to secure all accounts that have been accessed from that computer and verify that the infection is properly removed from your computer.
- Keep the operating system on your computer completely updated.
- Keep programs on your computer like Java and Flash completely updated.
- Enable the firewall on your computer and make sure it is configured to block unauthorized inbound traffic.
- Never reply to unsolicited emails requesting sensitive information. If you receive an email requesting information contact the sender by phone or in person to confirm they sent the email and if they need the information they asked for arrange to provide the information in person or using encryption.
If you believe you are a victim of an IRS scam or are suspicious about a phone call, text message, email, fax, or letter in the mail requesting information claiming it is from the IRS report the incident with the IRS following the directions on their website. You should also notify your IT provider.