Defending Against Identity Theft

This recent IRS tax season yielded more reports of tax fraud on campus and across the country than in previous years. The IRS has estimated that approximately 1 out of every 100 taxpayers will be victims of tax fraud this year.

This past year roughly 130 UT Austin faculty and staff were affected by IRS tax scams in which attackers filed a forged return and received a fraudulent tax refund.  Roughly 70% of the reported victims at UT Austin were faculty members.

The Information Security Office has worked directly with many of these affected parties and would like to share some potentially helpful information with you, as well.

Please note that while there were no breaches associated with UT Austin information resources, attackers have employed a variety of tactics to carry out their fraud. Many taxpayers fell victim to highly targeted phishing scams, spoofed calls from the Travis County Sheriff's office and other law enforcement agencies, compromised tax preparation software credentials and services, and malware infections on their personal devices that logged keystrokes. Reports also emerged of attackers stealing W2 forms from their victims' mailboxes.

For additional perspective, the UT Austin Information Security Office consulted with a number of other higher education institutions across the country and most of them reported similar activity. In one case, a smaller institution reported close to 200 cases. These reports further indicated that faculty members accounted for the majority of the victims.

In many cases, attackers also created IRS transcript accounts for the victims.

What can you do?

1. Set up UT Austin Two-Factor Authentication.  If you have not yet set up the Toopher second-factor option -- which helps protect your W2 with an additional layer of authentication -- we encourage you to do so: http://www.utexas.edu/eid/help/index.html#utdsf.

2. We strongly urge you to set up a transcript account with the IRS if you haven't already (http://www.irs.gov/Individuals/Get-Transcript) and do so before an attacker does.

3. We suggest that you create an account with the Social Security Administration before attackers do so on your behalf (http://ssa.gov/myaccount/).

4. We suggest you review these articles about the recent rash of IRS scams. They offer practical resources for victims of tax fraud, along with some insight into how the attackers are operating:

    Article: Creating an IRS transcript account before the attackers do

    http://krebsonsecurity.com/2015/03/sign-up-at-irs-gov-before-crooks-do-it-for-you 

    Article: Consider freezing your credit file

    http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/ 

    (NOTE: Consider doing this for your underage children, as attackers will often try to exploit the credit of minors, which is generally not monitored by parents.)

    Article: IRS Identifies Five Easy Ways to Spot Suspicious Calls

    http://www.irs.gov/uac/Newsroom/Scam-Phone-Calls-Continue;-IRS-Identifies-Five-Easy-Ways-to-Spot-Suspicious-Calls 

5. There are a variety of services that can proactively monitor your credit activity for abuse or misuse. One such service that the university has had good luck with is AllClearID: https://www.allclearid.com/plans/pro-plan 

6. Last, here are a few related news articles that cover the various breach events associated with the IRS scams:

    Article: Seton reports a breach of ~40,000 customer records

    http://kxan.com/2015/04/24/39000-affected-in-seton-phishing-attack-targeting-company-emails 

    Article: IRS reported at least 100,000 filers were breached

    http://www.usatoday.com/story/tech/2015/05/26/irs-breach-100000-accounts-get-transcript/27980049 

    Article: Local IRS Austin employee arrested in a tax return scheme

    http://www.statesman.com/news/news/crime-law/austin-irs-employee-faces-federal-charges-in-false/nk4Ph 

    Article: IRS confirmed that roughly $40M was stolen by cyber thieves

    http://www.usatoday.com/story/money/2015/06/02/irs-data-breach-senate-hearing/28353983 

 

The IRS is looking at ways to strengthen the authentication validation procedures it uses, and it has engaged private sector entities that are already using various forms of two-factor authentication.

If you have any questions or concerns, or if you believe you have been a victim of such fraud, please do not hesitate to contact the Information Security Office at security@utexas.edu.

Thank you for your vigilance! 

Information Security Office

http://security.utexas.edu

security@utexas.edu