Four tax scams to watch out for this tax season

Symantec Security Response outlines tax-related scams that individuals and businesses should not fall for during each tax season.


Symantec Security Response outlines tax-related scams that individuals and businesses should not fall for during each tax season.


IRS shuts down identity security tool for taxpayers due to security problems

Identity protection PIN tool didn’t offer enough security to bar fraudulent resets.

The Internal Revenue Service has temporarily suspended use of its Identity Protection PIN tool "as part of its ongoing security review," according to a notice issued by the IRS. The IP PIN is supposed to act as an extra layer of security for taxpayers who are at higher risk of becoming the victims of fraud because of personal information leaked in commercial data breaches.

Last year, the IRS shut down an electronic tool for obtaining tax data after a massive fraud operation using stolen Social Security numbers and other data from commercial data breaches managed to extract filing data for hundreds of thousands of taxpayers. This year, the IRS is facing a new wave of fraud, as criminals engage in a phishing campaign to obtain employees' W-2 form data.

On March 1, the IRS issued a warning to human resources departments throughout the US about the wave of phishing attacks—e-mails purportedly from company CEOs directed to payroll or HR employees, usually with text such as:

Read 6 remaining paragraphs | Comments

Seagate employees’ W-2 forms exposed in another payroll phish

A forged e-mail from CEO pays off again, may be tied to tax return fraud.

Storage device manufacturer Seagate's executives informed employees last week that their income tax data had been shared with an unknown outside party as the result of a targeted phishing attack. On March 1, a Seagate employee sent the data to an outside e-mail address after receiving an e-mail purportedly from Seagate's CEO Stephen Luczo requesting 2015 W-2 data for current and former Seagate employees. The employee, believing the request to be real, forwarded the W-2 reporting data—exposing everyone at Seagate to potential tax fraud and identity theft.

The Seagate breach comes less than a week after Snapchat employees' data was leaked in the same way. Security reporter Brian Krebs reported the breach after learning of it from a Seagate employee who had been given written notification of the breach.

Seagate's spokesperson Eric DeRitis confirmed the incident to Krebs: "On March 1, Seagate Technology learned that the 2015 W-2 tax form information for current and former US-based employees was sent to an unauthorized third party in response to the phishing e-mail scam. The information was sent by an employee who believed the phishing e-mail was a legitimate internal company request.” DeRitis told Krebs "several thousand" employees were affected and that the company is working with federal law enforcement; employees will receive two years of credit protection from the company.

Read 4 remaining paragraphs | Comments

IRS website attack nets e-filing credentials for 101,000 taxpayers

Breach comes a year after a previous hack compromised 300,000 people.

The US Internal Revenue Service was the target of a malware attack that netted electronic tax-return credentials for 101,000 social security numbers, the agency disclosed Tuesday.

Identity thieves made the haul by using taxpayers' personal data that was stolen from a source outside the IRS, according to a statement. The attackers then used an automated bot against an application on the IRS website that provides personal identification numbers for the electronic filing of tax returns. In all, the hackers made unauthorized queries against 464,000 social security numbers but succeeded against only 101,000 of them.

No personal information was obtained from the IRS systems. Agency officials are flagging the accounts of all affected taxpayers and plan to notify them by mail of the incident. The IRS is also working with other government agencies and industry partners to investigate the hack or stem its effects. The hack occurred last month.

Read 3 remaining paragraphs | Comments