Expert: Time to stop relying on PII for authentication
Last week, the IRS released an updated damage estimate of the hack of the tax transcript request website — cyberthieves used the transcripts to file fraudulent returns in order to get their hands on as much as $39 million in tax refunds.
What is more disconcerting, though, is that the hackers made 200,000 attempts at getting into the system — and succeeded 100,000 times.
That’s because the IRS was using a series of personal questions to authenticate identity. Unfortunately, these days, the hackers often know more of our personal details than we know ourselves — does anyone actually remember the street they lived on five moves ago?
[ ALSO ON CSO Deconstructing an IRS Phishing scam ]