Slashdot Mirror
Sign Up At irs.gov Before Crooks Do It For You
tsu doh nimh writes If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Brian Krebs shows how easy it is for scammers to register an account in your name and view your current and past W2s and tax filings with the IRS, and tells the story of a New York man who — after receiving notice from the agency that someone had filed a phony return in his name — tried to get a copy of his transcript and found someone had already registered his SSN to an email address that wasn't his. Apparently, having a credit freeze prevents thieves from doing this, because the IRS relies on easily-guessed knowledge-based authentication questions from Equifax.
Except in this case, you can't; not without abolishing the IRS, in which case your desire to protect yourself and your privacy is right-wing lunacy. Right?
That's the powerful and elite, pissing on the rest of us!
Maybe it's because it's Monday... Maybe it's because I have a cold... Maybe, some day, Congress will actually fix some of the real fucking problems we have, with having a pseudo, tech. intergrated Government. And maybe, Hell will actually freeze over! I'm just done with this shit!!!!
IRS is using bad security to scare you into signing up. From there, they can easily enforce the obamacare mandate.
Taxing people for what they earn has always been a brain-dead policy. Taxes should be based on consumption, not production.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Maybe, some day, Congress will actually fix some of the real fucking problems we have, with having a pseudo, tech. intergrated Government. And maybe, Hell will actually freeze over!
I hear Hell already froze over - several decades ago.
It was a particularly cold snap during winter in Michigan, with sub-zero (farenheit) temperatures. The expanding ice blew out a small (millpond-ish) dam. The water under the ice rushed down the river and overflowed it, pouring down the main street of the little village of Hell, Michigan. It was several inches deep when it slowed enough that the extreme cold froze it solid.
Since then a lot of the stuff that was waiting for Hell to freeze over has been happeng. That explains the last several decades nicely, eh? B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
How do you expect people to measure their consumption of goods such as public roadways? Something tells me that someone who opposes basic principles of taxation will be even more upset at government monitoring of everything they consume, down to the minimum taxable unit. I'm guessing I'd prefer my production being a government-monitored measurable instead of my consumption.
For years, CRA, the Canadian equivalent to the IRS, has been including Web Authentication Codes (WACs) with the annual notice of assessment, that is, their summary of your personal income tax submission, snail mailed to your address of record some weeks after you submit your personal tax return.
Your WAC changes every year. Without it, you cannot access your account in CRA's online systems.
And it isn't enough: You also need your SIN and the amount recorded on a particular line of your return (or notice, I cannot remember which).
Now here is where my memory gets hazy: Once you register for online access, I think they might send a one-time code to your address, which is required to activate your account.
The only way to subvert this system is to tamper with postal delivery, which means fraudsters must take specific, intentional action and break multiple federal laws (postal acts, the income tax act, etc.). There ain't no easy to guess stuff in the Canadian system. The bar is sufficiently high, the risks to fraudsters very high, i.e., hard time.
I'm here EdgeKeep Inc.
I just went to www.irs.gov
The advice to sign up there may be reasonable, but the words 'sign up' or anything semantically similar do not appear on the front page. It's not obvious where you would go to try to sign up.
It's not https either.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
So you stirred up some good FUD (I'm not sure if it's correct or not, but read on). It took me quite a bit of hunting on the IRS site to even find where I could register. Once I tried that, it kept failing for me, telling me to enter a correct password. But that's another issue. The main issue is that you started this hysteria, which may or may not be real, with absolutely no link to the fix for it. WTF is up with that, jackasses? (I'm a bit stressed out after completely wasting an hour on this bullshit)
How do you expect people to measure their consumption of goods such as public roadways?
Traditionally that is done via a fuel tax. Usage of the roads correlates strongly with the amount of fuel consumed. Lots of public goods can be tracked with a good that correlates strongly with the use of the public good.
That's nothing than a way to get people to "sign up" for something and agree to a EULA.
Not going to happen. And I am now making my OWN tax forms, with the same math, but some carefully changed words.
I just now created an account. There's no login button on the top page -- you have to enter into some kind of transaction before it'll give you the option of logging in or creating a new account. (I chose to view a transcript for a past year.)
Once the process gets going, it's a little *too* straightforward. The information you need to create an account could easily be socially engineered. Current address, age, full name and SS# are all required information on any loan application, for instance. It then checks your records and gives you a multiple choice test for outstanding loans and banking information that you need to answer correctly. Again, all of this is public record. It would take some effort, but creating an account on someone else's SS# is definitely doable.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I just created my account and had to try 5 times before it accepted a randomly-generated password I created programmatically. All 5 randomly generated passwords were validated by the on-page Javascript, but upon submitting the form they were rejected with no stated reason.
The key to finally getting one accepted one selecting a very short one. 47 characters was nixed, as was 32 and a few other, shorter ones. It finally accepted what I would consider to be a not-even-close-to-long-enough password for something that could potentially have such a large negative impact on my life.
Whenever I hear the Republicans whining about how incompetent government is, I think to myself that big private companies are just as bureaucratic and incompetent. But then things like this and the initial ACA website launch happen to prove that yes, government really is even more incompetent than big business.
From the article:
For starters, the woman who owned the bank account that received his phony refund — a student at a local Pennsylvania university — said she got the transfer after responding to a Craigslist ad for a moneymaking opportunity.
Kasper said the detective learned that money was deposited into her account, and that she sent the money out to locations in Nigeria via Western Union wire transfer, keeping some as a profit, and apparently never suspecting that she might be doing something illegal.
WTF?
How can anyone in college not suspect that sending money to strangers in Nigeria might somehow involve something illegal?
Is it possible that someone is telling fibs? Oh my stars, I'm feeling dizzy.
I was signing up for something through my bank, and it was asking me some of these questions like, "Which of these employers did you previously work for?" Unfortunately none of them were correct (this wasn't a huge surprise because I had already tried to correct my credit report information... they seem to have me confused with someone else). That meant I couldn't continue, but it turns out if you start the test over again, it gives you the same question but randomly selects the "wrong" answers. All I had to do was remember what the original multiple-choice answers were, and pick the one that didn't change. Basically that means there's almost zero security with this method of authentication.
"I have never let my schooling interfere with my education." - Mark Twain
The most disturbing thing about irs.gov is that they require youtube permissions to even view the site. WTFMORONS!
First time it was asking credit verification questions that did not look right at all, and it kicked me out.
Second time I made it through the credit verification, but then it asked me to pick a security image that I'd recognize, but didn't actually load any images to pick from. Clicking in the general area of where the images should have been brought me to an error page.
Third time I tried I just kept getting Java server errors.
Beautiful - take an organization that processes billions of dollars of other people's money, and add security not much better than any random web shop. I just went through the process - they ask for only one single piece of information that isn't easily available: the filing status on your last return. Of course, there aren't many choices, and you can try as many times as you want, so there's no penalty for guessing.
For laughs, they think your SSN is super secret, because the first two parts are in a password field (***-**-1234), and erase whenever there's an error. Like your SSN isn't plastered all over every document you get.
In any case, I couldn't get it to work. I file a 1040NR, and the filing status choices are slightly different - likely, that's where the problem is. Anyone with a normal 1040 manage the registration?
Enjoy life! This is not a dress rehearsal.
Actually, it's impossible to file without W2s.
So, yeah a crook might be able to glem stuff,
they can't file for you.
My mom called me and told me that my brother had this very thing happen to him. He had to fill out some paperwork, and now has to wait up to 180 days for his return.
I'm about to file,and I'm scared to find out if I'll have the same problem.
I'm on a chair.
This is what you get with the lowest bidder.
Password ended in a '%'
Got this error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, apache@%{Host}.rup.afsiep.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
It's convenient to complain about the IRS, but its flaws are a result of our own animus. Note the flaws of the agency are separate from those of the underlying tax code it has to administer, which it does not write (blame Congress for that).
We don't want to fund the IRS, so its budget keeps getting cut, while the list of demands placed upon it increases. Nobody likes the IRS, so it has difficulty attracting high-quality job applicants. Would you want to work for an agency constantly being berated for doing its job? The workers are forced to do without simple benefits private sector workers take for granted, such as free water coolers and coffee because of public stinginess. I recently read an article in a trade publication that states the IRS has fewer than 750 workers younger than 25 out of a workforce of almost 70,000. The figures aren't great for under 35s either. With that kind of recruitment, it's little wonder that they are a bit behind the times.
Of course, there are the scandals, but those have involved small subsets within the organization. If one subgroup of 5 employees in Exempt Organizations did something wrong, public opinion pillories the remaining 69,995 employees. One example of waste becomes an assumption that everything is waste.
To share a personal story as a tax professional: I applied to the IRS coming out of school out of an interest in protecting the public interest. The pay was just over 1/3 of what I was being offered in the private sector (albeit with slightly better benefits). The recruiters did not exactly exude excitement about their jobs. Ultimately, that was too tough of a pill to swallow. Now, I help companies minimize their corporate taxes.
From the article:
My identity was stolen once. Someone got my name, DOB, SSN, and mailing address. They used this to open a credit card (*cough*Capital One*cough*) in my name. Due to a quirk, I was lucky and the card came to me, not them. Once I reported it as fraudulent (after having to argue that, no, my wife who was standing RIGHT THERE didn't open it under my name without telling me), they refused to tell me where the card was supposed to have gone to. They told me that this was because if they told me and I went and shot the person, they would be liable. Then, they proceeded to stonewall both me and the police until the investigation was dropped.
The lesson here? Companies (and government agencies) don't care about you. Fraud can be written off and is no big deal to them even if it ruins your credit rating and takes years of your life to fix. For them, that's just one line item in a million. I was lucky that I didn't lose anything and it was relatively easy to fix (close fraudulent account, freeze credit file), but others aren't so lucky.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
There is a wide range of mailbox types in the US. A mailbox without a lock is common on houses, although apartment buildings tend to have locks on individual mailboxes, generally within a secure vestibule or foyer.
Some buildings have mail slots in or beside the front door that go into a secure area.
Whether the postal service leaves packages depends on how good they consider the area to be. If they worry someone is likely to take the package, some post offices won't leave one unless someone is home.
But you also have theft from conventional municipal mailboxes for sending mail. Criminals hack the mechanics and steal checks, for example, and then alter them to be in their name. A neighbor had one re-written to "Angel Batista," a character from the television show Dexter.
For some stupid reason, they have a rule that passwords cannot contain spaces. This rule is NOT disclosed anywhere... except in the source of tools.js:
[slashdot formatting is bad] // VALIDATE LENGTH (BETWEEN 8 AND 16 CHARACTERS)
if ((password.length 8) || !/[a-z]+/.test(password) || !/[0-9]+/.test(password) || !/[A-Z]+/.test(password) ||
!containsSpecialCharacter(password) || containsSSN(password) || containsSpace(password)) {
alert(pwdErrorMsg);
passwordObject.focus();
return false;
}
The other rules are fairly reasonable, but I can find no rational reason why they added this one. I had to debug the damned form too, just to figure it out.
In other news, Slashdot won't let me format this nicely. Gah, sorry.
IRS.gov looks like a GoDaddy placeholder... I don't want to sign up there.
I once had someone get access to my canceled checks and they proceeded to pay off $5000 of their credit card bills through online transactions.
I found out about it the next week, reported it, and the money was returned to my account the next day.
The person who actually made the transactions had a stern talking to by the police, acknowledged that they had used the routing numbers, and that was it. I was not given the option to press charges.
I guess that the philosophy of "no harm, no foul" applies.
I've had a credit freeze for years now, still...
WAC are actually not required anymore, although it is still avalable.
CRA My Account is accessible now via a system called "Secure Key Concierge", where the CRA redirects your login to your bank. As long as you have an account with one of the "Big 6", you can log into your online banking, after which the CRA federates with the bank and checks that your SIN and DOB at the bank is the same as the SIN and DOB you entered at the site, and if so they let you in.
IMO it is a much more convenient way to authenticate in a way that covers likely 90%+ of the Canadian population.
And that method is starting to fall apart as high efficiency and alternative fuel vehicles become more common.
I didn't choose the word fuel by accident. You will note I did not say gasoline or diesel. Fuel can come in the form of stored electrons. You can tax electricity just as easily as gasoline. You can also adjust the tax rate to adjust for improving fuel economy.
The Federal Government is planning to spend about $3.9 trillion dollars. There are about 320 million in the US. So hand every man, woman, and child a bill for $12,187 and be done with it. That's what the Federal Government is spending on your behalf, you should plan to provide it with that revenue.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
Actually, it's impossible to file without W2s.
So, yeah a crook might be able to glem stuff,
they can't file for you.
It looks like if you (the crook) sign up you can view your victim's old W2s, and from them you can fake it for the following (current) year, fill out a tax return based on those faked W2s and get the refund sent to a compromised bank account. Withdraw the refund money and run away.
250 pages of what people think of the IRS and tax system, all not marked offtopic, and not one person actually found the "create an account" page on their crappily-made website. Anyone know where it is? I'm at a loss.
You should be taxed based on the value of the services you receive. Basing it on consumption is a foolish (and economy killing) way to allocate tax liability.
Is it just my observation, or are there way too many stupid people in the world?
I know, it's beneath you to read the fine article, but there's a link in the first sentence of the article which - if you follow it and choose to view an online transcript (which is the subject of the article) you can log in or create a user ID.
Is it just my observation, or are there way too many stupid people in the world?
I like this notice:
THIS U.S. GOVERNMENT SYSTEM IS FOR AUTHORIZED USE ONLY!
Use of this system constitutes consent to monitoring, interception, recording, reading,
copying or capturing by authorized personnel of all activities. There is no right to privacy in
this system. Unauthorized use of this system is prohibited and subject to criminal and civil
penalties, including all penalties applicable to willful unauthorized access (UNAX) or
inspection of taxpayer records (under 18 U.S.C. 1030 and 26 U.S.C. 7213A and 26 U.S.C.
7431).