Microsoft today pushed out 13 security updates to fix at least 39 separate vulnerabilities in its various Windows operating systems and software. Five of the updates fix flaws that allow hackers or malware to break into vulnerable systems without any help from the user, save for perhaps visiting a hacked Web site.
Citing ongoing security concerns, the Internal Revenue Service (IRS) has suspended a service offered via its Web site that allowed taxpayers to retrieve so-called IP Protection PINs (IP PINs), codes that the IRS has assigned to some 2.7 million taxpayers to help prevent those individuals from becoming victims of tax refund fraud two years in a row. The move comes just days after KrebsOnSecurity first exposed how ID thieves were abusing the service to revisit tax refund on innocent taxpayers two years running.
Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away 2015 W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service (IRS) and the states.
A number of credit unions say they have experienced an unusually high level of debit card fraud from the breach at nationwide fast food chain Wendy’s, and that the losses so far eclipse those that came in the wake of huge card breaches at Target and Home Depot.
Last year, KrebsOnSecurity warned that the Internal Revenue Service’s (IRS) solution for helping victims of tax refund fraud avoid being victimized two years in a row was vulnerable to compromise by identity thieves. According to a story shared by one reader, the crooks are well aware of this security weakness and are using it to revisit tax refund fraud on at least some victims two years running — despite the IRS’s added ID theft protections.
The U.S. Internal Revenue Service (IRS) today sharply revised previous estimates on the number of citizens that were hit by tax refund fraud since 2014 thanks to a security weakness in the IRS’s own Web site. According to the IRS, at least 724,000 citizens were victims of refund fraud after crooks figured out how to abuse a (now defunct) IRS Web site feature called “Get Transcript” to steal victim’s prior tax da
Notifying people and companies about data breaches often can be a frustrating and thankless job. Despite my best efforts, sometimes a breach victim I’m alerting will come away convinced that I am not an investigative journalist but instead a scammer. This happened most recently this week, when I told a California credit union that its online banking site was compromised and apparently had been for nearly two months.
With tax filing season in the United States well underway, scammers who specialize in tax refund fraud have a new trick up their sleeves: Spoofing emails from a target organization’s CEO, asking human resources and accounting departments for employee W-2 information.
Many readers have asked for a primer summarizing the privacy and security issues at stake in the the dispute between Apple and the U.S. Justice Department, which last week convinced a judge in California to order Apple to unlock an iPhone used by one of assailants in the recent San Bernardino massacres. I don’t have much original reporting to contribute on this important debate, but I’m visiting it here because it’s a complex topic that deserves the broadest possible public scrutiny.
Computer maker Dell is asking for help in an ongoing probe into the source of customer information that appears to have somehow landed in the laps of fraudsters posing as Dell computer support technicians. KrebsOnSecurity readers continue to report being called by scammers posing as Dell support personnel who offer “proof” that they’re with Dell by rattling off the unique Dell “service tag” code printed on each Dell customer’s PC or laptop, as well as information from any previous (legitimate) service issues the customer may have had with Dell.
