![CarmeloWalsh[.]com](https://www.carmelowalsh.com/wp-content/themes/twentyten/images/headers/sunset.jpg)
Multiple sources, such as Krebs and Ars Technica, report that a lot of fraudulent activity has focused around the Get Transcript app on the IRS website.
To obtain a transcript online, all that was needed to start the process was a Social Security number and an active e-mail address. Once the e-mail address was confirmed as legitimate, the system would then ask a number of questions about personal, financial, and tax information—including date of birth, tax filing status, and address—before providing the transcript for download. The questions are knowledge based and are types of questions that the answers don’t change, which are highly vulnerable to fraud. This is the same type of information harvested from breaches such as the Anthem breach.
Bad guys used this feature to pull sensitive data on more than 100,000 taxpayers this year. The Government Accountability Office (GAO) estimates that thieves steal nearly $6 billion a year from state and federal coffers each year via tax refund fraud. Due to new tactics this year, a huge spike in attempted fraudulent refund requests will occur.
