Sting operation nabs 61 IRS employees

Representatives from the office of the Treasury Inspector General for Tax Administration (TIGTA) posing as help desk technicians contacted a random sample of 102 IRS employees, including managers and a contractor, by telephone. During the course of the phone calls, which occurred on a single day, 61 of the 102 IRS employees, or 60 percent, agreed to provide their user names and passwords to the strangers on the telephone.

Only eight of the 102 employees contacted followed proper procedure and reported the contact to appropriate IRS personnel.

Senator Max Baucus (D-MT), chairman of the Senate Finance Committee, referred to the results as being demonstrative of "reckless disregard for computer security" on behalf of millions of American taxpayers, leaving them "vulnerable to identity theft and other fraudulent schemes."

A report released by the U.S. Treasury Department stated, "Employees either do not fully understand security requirements for password protection or do not place a sufficiently high priority on protecting taxpayer data in their day-to-day work."

One third of the IRS employees who volunteered their passwords stated that they believed the calls to be legitimate, and some even stated that they were experiencing difficulty with their computers before they got the bogus help desk call.

TIGTA conducted similar tests in 2001 and 2004. In the 2001 test, 75 percent of IRS employees provided their login information to callers; in 2004 the number had decreased to 35 percent.

TIGTA has recommended that the IRS conduct additional security awareness training and internal social-engineering tests.

You can read the complete report.


Already a member? log in here.

Editor's Choice

Upcoming CPE Webinars

Dec 3The materials discuss the concepts and principles in the AICPA’s new special purpose framework.
Dec 8Kristen Rampe will cover how to diffuse the tension in challenging situations in this one-hour webinar.
Dec 9A key component to improving your firm’s workflow efficiency while enhancing your profitability at the same time is how you leverage emerging technologies.
Dec 16Kristen Rampe will give tips on how to bring confidence into the room and build a valuable network.