Tax returns, identity theft and hackers – Oh my!

1
Welcome to Tax Week, identity thieves!  Photo by Flickr user Aranami

Welcome to Tax Week, identity thieves!
Photo by Flickr user Aranami

Monday, April 18th is Tax Day, aka, National Identity Theft Day. OK, that part’s not true, but as millions of taxpayers go online to file taxes, it may as well be. The majority of taxpaying citizens file online, using services such as the popular TurboTax, H & R Block, and TaxSlayer . Even the IRS now offers its own free online tax filing service, Free File.  While online filing provides a convenient and more expedited means to submit tax documentation, it also introduces challenges akin to a massive clearance special on the Dark Web. With all that personally identifiable information (PII) flying around the web, you (almost) can’t blame criminal enterprises. They’re kids in a candy store… They just can’t help themselves.

In all seriousness, identity theft and fraud are real problems that far too many of us have faced in recent years, thanks to the “internet of everything”.  Never before have we enjoyed the ability to recon a vacation property via Google Earth, log into our bank account to check our balances or pay bills, “chat” with colleagues over instant message, purchase that miniature horse pet door, or binge watch another season of Homeland – right from that one spot on the couch you haven’t moved from…. for days.  And as convenient as all that may be, the very same technology that allows us to avoid human contact for weeks on end, also provides a very attractive vehicle for criminal activity.  The same benefits we enjoy while not cyber stalking an ex on Facebook, cyber criminals and hackers enjoy while “breaking into” financial institutions, the Department of Defense, retailers and even the IRS.  And this time of year, it’s like Cyber Christmas.

From across the world, or the basement next door, bad actors could be submitting fraudulent tax returns with the information stolen from tax preparing software websites or the IRS itself.  The data that can be obtained from tax documents is the cybercrime “holy grail.”  Far more valuable than a person’s bank account info, or a credit card stolen from a retailer’s point of sale, tax data exposes so much of one’s personal life, including family members and their PII and employment information. With these golden nuggets, a motivated bad guy can steal an identity by applying for new credit lines and causing a whole mess of liability issues for the unlucky victim to unravel.

While I have never personally endured such an ordeal I have heard from many that it’s so challenging to recover from that the punishment for actually committing a petty crime is a seemingly better outcome. Considering this, I am surprised to still see audits that cite continuing security vulnerabilities in e-filing systems, additional data breaches and even unresolved vulnerabilities in software months after detection.

While there is evidence government agencies are facing decreasing budgets, while cyber criminals continue to become more advanced, responsible parties seem to be outraged at such “lax security”. But t the fact of the matter is – without adequate priorities, funding and oversight, we cannot expect our sensitive information to protect itself.

Right now, as tens of millions of taxpayers transmit their PII over the web, criminals are planning and executing to commit fraud.  We know that tax data is highly valuable, and identity theft is debilitating for a victim, yet the ability to verify true identities is still difficult.  As the 2015 tax dollars are reconciled, it is my hope that all the “responsible parties” take notice of the risk citizens face with their tax information, and take the necessary steps (priorities, planning, funding, execution and oversight) to ensure the best possible safeguards in protecting it.

 

Share

About Author

Jen Dunham

Principal Solutions Architect

As a Solution Specialist within the Security Intelligence Global Practice, Jen is focused on providing subject matter expertise and assistance to Government teams addressing various security risks such as Cyber Security, Insider Threat, Targeting/Lead Generation, and other Intelligence-specific applications of the SAS Security Intelligence Foundation. Having served as an all-source intelligence analyst in the United States Army, and having since worked closely with numerous law enforcement, defense, and intelligence organizations around the world, Jen has a unique and comprehensive view within these areas and how their tradecraft and missions vary. Jen has worked in mission areas to include; counterterrorism, counterespionage, counternarcotic, peacekeeping missions, priority intelligence requirements, and the Balkans (Bosnia-Herzegovina). Over the last 22 years, Jen has held a security clearance with numerous agencies supporting organizations such as FBI, DEA, NSA, CIA, NCTC, State Department, Department of Energy, and also State and Local Law Enforcement. Jen also has in-depth knowledge (through previous employment) of technology and information companies such as i2, Dun & Bradstreet, Choicepoint and Thompson Reuters.

Back to Top