I'm a big fan of Brian Krebs' work. Whether you're a security professional or a consumer interested in the security and privacy of your information (or both!), his blog posts and articles are usually great reads. He recently put up a post entitled "Sign up at IRS.gov, before the crooks do it for you". Read it here.
It turns out that the IRS has a function on its website that allows you to get information about your past and current returns. You need to create an account to do so. The site does use a form of "identity proofing". This means that the site asks you to provide personal data that it matches to information it already has.
Identity Proofing is a great idea, in theory. It's designed to bypass the "Facebook attack" that is effective on so many other websites, particularly those that ask for answers to "secret questions". The so-called Facebook attack is when the answers to the secret questions or other identity information can easily be found on someone's Facebook page, or other social media (since Facebook is the "Kleenex" of social media! :-).
Side note... as I've discussed in the past, the "correct" way to answer secret questions is to not answer them truthfully. Then save your answers in your password vault. You do have a password vault, right?
The issue is that an ID thief can get to the site and set up an account in your name before you do! They can then use that to get more identity and tax information about you. Of course, the potential thief must know or guess a certain amount of information first.
From the Krebs' article:
Whether or not you plan to use the IRS online transcript services, you should still get in there and create your account... before someone does it for you!
Identity Proofing is a great idea, in theory. It's designed to bypass the "Facebook attack" that is effective on so many other websites, particularly those that ask for answers to "secret questions". The so-called Facebook attack is when the answers to the secret questions or other identity information can easily be found on someone's Facebook page, or other social media (since Facebook is the "Kleenex" of social media! :-).
Side note... as I've discussed in the past, the "correct" way to answer secret questions is to not answer them truthfully. Then save your answers in your password vault. You do have a password vault, right?
The issue is that an ID thief can get to the site and set up an account in your name before you do! They can then use that to get more identity and tax information about you. Of course, the potential thief must know or guess a certain amount of information first.
From the Krebs' article:
If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process.From the IRS.gov website, here is what you need to sign up:
Note that you might need your tax return handy when you sign up. You need to enter your info exactly as it appears in your tax records. For example, did you use "road" or "rd" or "rd." in your address?"The personal information you enter must match the information you provided us on your most recent tax return. We use the following information to verify your identity:
- Name
- Social Security Number or Individual Tax ID Number (ITIN)
- Date of Birth
- Filing Status
- Mailing Address
- Third Party Verification Questions - you must provide answers to questions about personal information such as prior address, mortgage information, etc., that only you should know.
You must also provide us with a valid email address, which we will confirm and use to notify you if your registration information changes. Your confirmation email should arrive quickly so check your junk folder if you don't see it."
Whether or not you plan to use the IRS online transcript services, you should still get in there and create your account... before someone does it for you!
No comments:
Post a Comment