As if meeting the filing deadline wasn’t frustrating enough – 2 major tax season cybersecurity vulnerabilities

As the deadline for filing taxes draws nearer – April 18 this year – almost 100,000 taxpayers were affected in a student financial aid scheme, according to the IRS.

IRS’ Data Retrieval Tool, which helps users fill out the Free Application for Federal Student Aid (FAFSA), was shut down after the tax agency realized the tool had a vulnerability. It was intended to auto-populate forms for families filling out the forms, pulling the information from the IRS itself. But hackers could pose as students and fill in the application with their own data, allowing them to steal returns.

It’s been done before, back in 2015 when data was stolen from over 300,000 taxpayers in order to file fraudulent returns and refunds.

A total shut down wasn’t the agency’s preferred option, but it immediately stopped the abuse of the system while it could investigate the extent of the breach. It should be up and running again in October.

But FAFSA isn’t the only way hackers are targeting taxpayers this season.

Tax season woes

This year has seen a rise in the number of businesses hackers go after, according to research conducted by IMB X-Force. From the 2016-17 tax season, IBM’s researchers say there’s been more than 1400% growth in tax-themed spam aimed at businesses.

Specifically, IBM saw a rise in the number of phishing attacks, with hackers posing as execs to ask HR or payroll for employee W-2s.

But even after the filing deadline has come and gone, there’s still ample opportunity for hackers to get information. A common tactic is to switch up the message and tell taxpayers that there was a mistake in their filing, tricking them into either providing personal information that can then be sold or downloading malware in order to “fix” the mistake.

Here’s the thing: IRS would never email taxpayers to ask for personal information or to have them download software. And if the hackers are pretending to be from popular tax filing services like H&R Block or TurboTax, it never hurts to ask for verification.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy