Auditors Show IRS Workers Too Willing to Cooperate

Fake computer technicians who asked Internal Revenue Service employees to provide login and password information were able to persuade 35 workers to cooperate, according to a new government report.

Treasury Department inspectors, posing as staffers from the information technology help desk, called 100 IRS employees and managers and said they were trying to fix a network problem, the Associated Press reported. They asked the employees for their login name and to temporarily change their password to one they provided. Those who complied with the request violated IRS rules, which bar employees from giving out their passwords.

"With an employee's user account name and password, a hacker could gain access to that employee's access privileges," said the report by the Treasury Department's inspector general for tax administration. "Even more significant, a disgruntled employee could use the same social engineering tactics and obtain another employee's username and password," auditors said.

The test was done to find the human flaws in the security system that protects taxpayers' data. When the test was done in 2001, 71 employees out of 100 cooperated, versus 35 this time.

The employees gave various reasons for complying with the request. Some said they did not suspect foul play since they were having network problems at the time; some said they wanted to be helpful to the tech staff; still others said they couldn't find the caller's name on the global IRS directory, but complied anyway. Some got approval from their managers before they would cooperate.

IRS employees have since been instructed to notify security officials if they get calls seeking password or login information.

You may like these other stories...

OECD calls for coordinated fight against corporate tax avoidanceDavid Jolly of the New York Times reported that dozens of countries with the most advanced economies have agreed on principles for concrete action to prevent...
Plan ahead before you buy some shares in a stock mutual fund near yearend, when the fund is about to pay a dividend. It might be better to wait until after the fund goes "ex-dividend," that is, wait until after the...
AgFeed agrees to pay $18 million to settle SEC accounting fraud caseMichael Rapoport of the Wall Street Journal reported on Monday that AgFeed Industries Inc. has agreed to pay $18 million to settle US Securities and...

Already a member? log in here.

Upcoming CPE Webinars

Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.
Oct 30
Many Excel users have a love-hate relationship with workbook links. For the uninitiated, workbook links allow you to connect one Microsoft Excel spreadsheet to other spreadsheets, Word documents, databases, and even web pages.