The Treasury Inspector General for Tax Administration (TIGTA) issued a new report about the efforts of the IRS to prevent cybercriminals from accessing taxpayer data and using that data for purposes of income tax identity theft. While TIGTA found that the IRS had made some progress in updating the security of the identity authentication protocols it uses to insure that access to online IRS services such as reviewing documents and other tax related services is limited to the legitimate tax payers and not by identity thieves, the TIGTA auditors also found that many of the protections put in place by the IRS are outdated. According to TIGTA “without full implementation of the new standards, the IRS increases the risk of using inappropriate authentication controls, which could allow unauthorized access and activities, compromised taxpayer records, and revenue lost due to identity theft refund fraud.” Additionally, TIGTA also took issue with the timeline that the IRS set for complying with important security standards issued in 2017. The Office of Management and Budget (OMB) required compliance with those guidelines by 2018, however the IRS target date for implementing these security procedures is not until February 2023 which is not acceptable.
The history of the IRS and online security is not exemplary. Most notable in 2015 was its negligence in failing to institute proper security standards in its online access for people to get copies of their past tax returns. TIGTA found that in 724,000 instances, crybercriminals were able to access the income tax returns of innocent taxpayers through the IRS Get Transcript Application resulting in 252,400 fraudulent income tax returns being filed.
Usually, this is where I tell you what you can do about the problem I describe in the Scam of the day. Unfortunately, there is little we as citizens and taxpayers can do to protect ourselves from the lax security standards and practices of the IRS other than to protect yourself from becoming a victim of income tax identity theft by filing your income tax return as early as possible in order to get it to the IRS before an identity thief has the opportunity to do so. You may wish to contact your senator and congressman and ask them to compel the IRS to meet the TIGTA recommendations in regard to implementing better security.
If you do become a victim of income tax identity theft, you should file a Form 14039 electronically. You can obtain the form at the FTC’s http://www.Identitytheft.gov website where you will be asked questions necessary to automatically complete the form. Once the form is completed, you will be able to review it and, if it meets with your approval, submit the form directly to the IRS through the http://www.Identitytheft.gov website. You should also download and print out a copy of the form for your own records as well. You should receive a confirmation from the IRS of receipt of the form within thirty days. You also should file a police report immediately
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”