Crims unleashed IRS-stabbing malware in bid to rob 464,000 people
You'd think someone filing your tax return for you would be doing you a favor. Guess again
Crooks generated the keys necessary to file tax returns for 101,000 people in the US – allowing the crims to potentially siphon off their victims' rebates.
All American citizens, and tax residents in the US, must submit their annual tax forms by April 18 for this year. Surprisingly, you can do this online using the IRS's e-filing website, which requires a valid PIN to authorize the submission. You can obtain a PIN by filling out an online form.
Fraudsters, armed with stolen social security numbers and other personal information on nearly half a million people, used malware to systematically request PINs corresponding to those taxpayers, allowing the crooks to potentially file paperwork on their behalf. The swindlers could put their own bank account details on the tax returns, thus channelling people's rebates into the thieves' pockets.
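Seen from the defender's side, the abuse described above is a velocity anomaly: one source asking for PINs on behalf of many different identities in a short time, with a high rejection rate among them. The following is an added example, not code from the article or from the IRS, that runs that check over constructed log lines; the log format, the field names and the thresholds are all assumptions.

```python
"""Velocity-based detection of bulk E-file PIN requests over constructed logs.

Added example; the log format, field names and thresholds are assumptions,
not anything the IRS publishes.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window per source (assumed)
MAX_REQUESTS = 5                 # requests per source per window before flagging (assumed)
MAX_IDENTITIES = 3               # distinct identities per source per window (assumed)

# Constructed sample log: ISO timestamp, source IP, hashed SSN, outcome.
# 203.0.113.7 cycles through six identities in six seconds; the other two
# sources behave like ordinary taxpayers retrying their own request.
SAMPLE_LOG = """\
2016-01-12T09:00:01Z 203.0.113.7 h001 issued
2016-01-12T09:00:02Z 203.0.113.7 h002 rejected
2016-01-12T09:00:03Z 203.0.113.7 h003 rejected
2016-01-12T09:00:04Z 203.0.113.7 h004 issued
2016-01-12T09:00:05Z 203.0.113.7 h005 rejected
2016-01-12T09:00:06Z 203.0.113.7 h006 rejected
2016-01-12T09:15:00Z 198.51.100.9 h100 issued
2016-01-12T09:40:00Z 198.51.100.9 h100 rejected
2016-01-12T10:02:00Z 192.0.2.44 h200 issued
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, source, identity, outcome) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, ident, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, ident, outcome))
    events.sort(key=lambda e: e[0])
    return events


def flag_bulk_requesters(events, window=WINDOW, max_requests=MAX_REQUESTS,
                         max_identities=MAX_IDENTITIES):
    """Return {source: stats} for every source that, inside any sliding window,
    exceeds both the request count and the distinct-identity thresholds."""
    recent = defaultdict(deque)   # source -> (ts, ident, outcome) within the window
    flagged = {}
    for ts, src, ident, outcome in events:
        q = recent[src]
        q.append((ts, ident, outcome))
        while q and ts - q[0][0] > window:
            q.popleft()
        identities = {e[1] for e in q}
        if len(q) > max_requests and len(identities) > max_identities:
            issued = sum(1 for e in q if e[2] == "issued")
            stats = flagged.setdefault(src, {"requests": 0, "identities": 0, "issued": 0})
            # keep the worst window seen for this source
            stats["requests"] = max(stats["requests"], len(q))
            stats["identities"] = max(stats["identities"], len(identities))
            stats["issued"] = max(stats["issued"], issued)
    return flagged


if __name__ == "__main__":
    for src, stats in flag_bulk_requesters(parse_log(SAMPLE_LOG)).items():
        print(src, stats)
```

The "requests" versus "issued" counts per source mirror the ratio the IRS reported at scale (attempts against 464,000 SSNs, 101,000 PINs issued). A real deployment would key on more than the source address (session, device fingerprint, network) and would throttle or step up authentication rather than only flag; the point is that a PIN issuance endpoint needs the same abuse controls as a login endpoint.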
"Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers. An E-file PIN is used in some instances to electronically file a tax return," the IRS said in a statement today.
"Based on our review, we identified unauthorized attempts involving approximately 464,000 unique SSNs, of which 101,000 SSNs were used to successfully access an E-file PIN."
The IRS said this all went down last month, and stressed that no personal information was swiped from its servers – unlike what happened last year.
The agency has launched a full investigation with the Treasury Inspector General for Tax Administration. The taxpayer accounts for which the malware successfully generated PINs will be placed on a watch list to guard against fraud.
The taxmen said the attack wasn't connected to last week's computer network outage. But some in the industry think the malware caper could be linked to other IT security breaches – for example, crooks exploiting SSNs and other personal information lifted from hospital systems.
"There's an interesting connection between this targeted attack and the 100+ million healthcare records we saw compromised in 2015," Caleb Barlow, VP at IBM Security, told El Reg. "The information obtained in the compromised healthcare records could be what was needed to try to access these high-value accounts." ®