Auditors Show IRS Workers Too Willing to Cooperate

Fake computer technicians who asked Internal Revenue Service employees to provide login and password information were able to persuade 35 workers to cooperate, according to a new government report.

Treasury Department inspectors, posing as staffers from the information technology help desk, called 100 IRS employees and managers and said they were trying to fix a network problem, the Associated Press reported. They asked the employees for their login name and to temporarily change their password to one they provided. Those who complied with the request violated IRS rules, which bar employees from giving out their passwords.

"With an employee's user account name and password, a hacker could gain access to that employee's access privileges," said the report by the Treasury Department's inspector general for tax administration. "Even more significant, a disgruntled employee could use the same social engineering tactics and obtain another employee's username and password," auditors said.

The test was done to find the human flaws in the security system that protects taxpayers' data. When the test was done in 2001, 71 employees out of 100 cooperated, versus 35 this time.

The employees gave various reasons for complying with the request. Some said they did not suspect foul play since they were having network problems at the time; some said they wanted to be helpful to the tech staff; still others said they couldn't find the caller's name on the global IRS directory, but complied anyway. Some got approval from their managers before they would cooperate.

IRS employees have since been instructed to notify security officials if they get calls seeking password or login information.

You may like these other stories...

Could the IRS disallow Ice Bucket Challenge charitable contributions?Unless you’ve been living under a rock, you’ve probably heard of – or participated in – the ALS Ice Bucket Challenge.I was...
As a general rule, a taxpayer can deduct the full amount of monetary contributions made to a qualified charitable organization, as long as certain substantiation requirements are met. These donations are typically made...
Hertz withdraws full-year forecast, cites accounting review, challengesRental car company Hertz Global Holdings Inc. said on Tuesday it is withdrawing its full-year financial forecast and expects 2014 results to be “...

Already a member? log in here.

Upcoming CPE Webinars

Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.