Slashdot Mirror
Sign Up At irs.gov Before Crooks Do It For You
tsu doh nimh writes If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Brian Krebs shows how easy it is for scammers to register an account in your name and view your current and past W2s and tax filings with the IRS, and tells the story of a New York man who — after receiving notice from the agency that someone had filed a phony return in his name — tried to get a copy of his transcript and found someone had already registered his SSN to an email address that wasn't his. Apparently, having a credit freeze prevents thieves from doing this, because the IRS relies on easily-guessed knowledge-based authentication questions from Equifax.
Except in this case, you can't; not without abolishing the IRS, in which case your desire to protect yourself and your privacy is right-wing lunacy. Right?
Ah, who is responsible for introducing this problem on the irs.gov website?
Now you have identified the organization responsible for fixing the damn thing.
Taxing people for what they earn has always been a brain-dead policy. Taxes should be based on consumption, not production.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Maybe, some day, Congress will actually fix some of the real fucking problems we have, with having a pseudo, tech. intergrated Government. And maybe, Hell will actually freeze over!
I hear Hell already froze over - several decades ago.
It was a particularly cold snap during winter in Michigan, with sub-zero (farenheit) temperatures. The expanding ice blew out a small (millpond-ish) dam. The water under the ice rushed down the river and overflowed it, pouring down the main street of the little village of Hell, Michigan. It was several inches deep when it slowed enough that the extreme cold froze it solid.
Since then a lot of the stuff that was waiting for Hell to freeze over has been happeng. That explains the last several decades nicely, eh? B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
we fully intend to follow Obama's lead and use the IRS as a weapon against our enemies domestic and domestic.
Obama's lead? If you think he started this, you must be new around here (planet earth).
Well it's working, because I don't appear to have any choice.
“Common sense is not so common.” — Voltaire
Or we could have just gone to the doctor and paid out of pocket, without having to pay a middle layer to deny the claim.
How do you expect people to measure their consumption of goods such as public roadways? Something tells me that someone who opposes basic principles of taxation will be even more upset at government monitoring of everything they consume, down to the minimum taxable unit. I'm guessing I'd prefer my production being a government-monitored measurable instead of my consumption.
For years, CRA, the Canadian equivalent to the IRS, has been including Web Authentication Codes (WACs) with the annual notice of assessment, that is, their summary of your personal income tax submission, snail mailed to your address of record some weeks after you submit your personal tax return.
Your WAC changes every year. Without it, you cannot access your account in CRA's online systems.
And it isn't enough: You also need your SIN and the amount recorded on a particular line of your return (or notice, I cannot remember which).
Now here is where my memory gets hazy: Once you register for online access, I think they might send a one-time code to your address, which is required to activate your account.
The only way to subvert this system is to tamper with postal delivery, which means fraudsters must take specific, intentional action and break multiple federal laws (postal acts, the income tax act, etc.). There ain't no easy to guess stuff in the Canadian system. The bar is sufficiently high, the risks to fraudsters very high, i.e., hard time.
I'm here EdgeKeep Inc.
I just went to www.irs.gov
The advice to sign up there may be reasonable, but the words 'sign up' or anything semantically similar do not appear on the front page. It's not obvious where you would go to try to sign up.
It's not https either.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
hey, you get to vote for the lapdog of the elite of your choice
How do you expect people to measure their consumption of goods such as public roadways?
Traditionally that is done via a fuel tax. Usage of the roads correlates strongly with the amount of fuel consumed. Lots of public goods can be tracked with a good that correlates strongly with the use of the public good.
I just now created an account. There's no login button on the top page -- you have to enter into some kind of transaction before it'll give you the option of logging in or creating a new account. (I chose to view a transcript for a past year.)
Once the process gets going, it's a little *too* straightforward. The information you need to create an account could easily be socially engineered. Current address, age, full name and SS# are all required information on any loan application, for instance. It then checks your records and gives you a multiple choice test for outstanding loans and banking information that you need to answer correctly. Again, all of this is public record. It would take some effort, but creating an account on someone else's SS# is definitely doable.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I just did it successfully, after getting the error you got the first time through. You're right, the website does not clearly have a place to log in -- you have to request a document or initiate a payment in order to get the login screen, wherein you can also create an account. In defense of OP, this may be the reason they did not include a link to a login page -- there doesn't appear to be one.
But to your point, there seems to be a bug in the form, where if you put any punctuation or special characters in the required passphrase, it misreports the issue as a bad password. Taking the exclamation point out of the passphrase caused my password (a different token) to be accepted. For what it's worth, YMMV, etc etc. (This is the government we're talking about...)
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I just created my account and had to try 5 times before it accepted a randomly-generated password I created programmatically. All 5 randomly generated passwords were validated by the on-page Javascript, but upon submitting the form they were rejected with no stated reason.
The key to finally getting one accepted one selecting a very short one. 47 characters was nixed, as was 32 and a few other, shorter ones. It finally accepted what I would consider to be a not-even-close-to-long-enough password for something that could potentially have such a large negative impact on my life.
Whenever I hear the Republicans whining about how incompetent government is, I think to myself that big private companies are just as bureaucratic and incompetent. But then things like this and the initial ACA website launch happen to prove that yes, government really is even more incompetent than big business.
From the article:
For starters, the woman who owned the bank account that received his phony refund — a student at a local Pennsylvania university — said she got the transfer after responding to a Craigslist ad for a moneymaking opportunity.
Kasper said the detective learned that money was deposited into her account, and that she sent the money out to locations in Nigeria via Western Union wire transfer, keeping some as a profit, and apparently never suspecting that she might be doing something illegal.
WTF?
How can anyone in college not suspect that sending money to strangers in Nigeria might somehow involve something illegal?
Is it possible that someone is telling fibs? Oh my stars, I'm feeling dizzy.
I was signing up for something through my bank, and it was asking me some of these questions like, "Which of these employers did you previously work for?" Unfortunately none of them were correct (this wasn't a huge surprise because I had already tried to correct my credit report information... they seem to have me confused with someone else). That meant I couldn't continue, but it turns out if you start the test over again, it gives you the same question but randomly selects the "wrong" answers. All I had to do was remember what the original multiple-choice answers were, and pick the one that didn't change. Basically that means there's almost zero security with this method of authentication.
"I have never let my schooling interfere with my education." - Mark Twain
Beautiful - take an organization that processes billions of dollars of other people's money, and add security not much better than any random web shop. I just went through the process - they ask for only one single piece of information that isn't easily available: the filing status on your last return. Of course, there aren't many choices, and you can try as many times as you want, so there's no penalty for guessing.
For laughs, they think your SSN is super secret, because the first two parts are in a password field (***-**-1234), and erase whenever there's an error. Like your SSN isn't plastered all over every document you get.
In any case, I couldn't get it to work. I file a 1040NR, and the filing status choices are slightly different - likely, that's where the problem is. Anyone with a normal 1040 manage the registration?
Enjoy life! This is not a dress rehearsal.
My mom called me and told me that my brother had this very thing happen to him. He had to fill out some paperwork, and now has to wait up to 180 days for his return.
I'm about to file,and I'm scared to find out if I'll have the same problem.
I'm on a chair.
This is what you get with the lowest bidder.
Password ended in a '%'
Got this error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, apache@%{Host}.rup.afsiep.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
It's convenient to complain about the IRS, but its flaws are a result of our own animus. Note the flaws of the agency are separate from those of the underlying tax code it has to administer, which it does not write (blame Congress for that).
We don't want to fund the IRS, so its budget keeps getting cut, while the list of demands placed upon it increases. Nobody likes the IRS, so it has difficulty attracting high-quality job applicants. Would you want to work for an agency constantly being berated for doing its job? The workers are forced to do without simple benefits private sector workers take for granted, such as free water coolers and coffee because of public stinginess. I recently read an article in a trade publication that states the IRS has fewer than 750 workers younger than 25 out of a workforce of almost 70,000. The figures aren't great for under 35s either. With that kind of recruitment, it's little wonder that they are a bit behind the times.
Of course, there are the scandals, but those have involved small subsets within the organization. If one subgroup of 5 employees in Exempt Organizations did something wrong, public opinion pillories the remaining 69,995 employees. One example of waste becomes an assumption that everything is waste.
To share a personal story as a tax professional: I applied to the IRS coming out of school out of an interest in protecting the public interest. The pay was just over 1/3 of what I was being offered in the private sector (albeit with slightly better benefits). The recruiters did not exactly exude excitement about their jobs. Ultimately, that was too tough of a pill to swallow. Now, I help companies minimize their corporate taxes.
From the article:
My identity was stolen once. Someone got my name, DOB, SSN, and mailing address. They used this to open a credit card (*cough*Capital One*cough*) in my name. Due to a quirk, I was lucky and the card came to me, not them. Once I reported it as fraudulent (after having to argue that, no, my wife who was standing RIGHT THERE didn't open it under my name without telling me), they refused to tell me where the card was supposed to have gone to. They told me that this was because if they told me and I went and shot the person, they would be liable. Then, they proceeded to stonewall both me and the police until the investigation was dropped.
The lesson here? Companies (and government agencies) don't care about you. Fraud can be written off and is no big deal to them even if it ruins your credit rating and takes years of your life to fix. For them, that's just one line item in a million. I was lucky that I didn't lose anything and it was relatively easy to fix (close fraudulent account, freeze credit file), but others aren't so lucky.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
There is a wide range of mailbox types in the US. A mailbox without a lock is common on houses, although apartment buildings tend to have locks on individual mailboxes, generally within a secure vestibule or foyer.
Some buildings have mail slots in or beside the front door that go into a secure area.
Whether the postal service leaves packages depends on how good they consider the area to be. If they worry someone is likely to take the package, some post offices won't leave one unless someone is home.
But you also have theft from conventional municipal mailboxes for sending mail. Criminals hack the mechanics and steal checks, for example, and then alter them to be in their name. A neighbor had one re-written to "Angel Batista," a character from the television show Dexter.
IRS.gov looks like a GoDaddy placeholder... I don't want to sign up there.
I'm not exactly sure what the rules are. My initial attempts at a password contained "^" -- I figured it was safe, because it was in the list they suggested. I kept simplifying the password and it kept rejecting me. Each time I had to re-enter half the security choices -- it kept my answers, but not the questions.
I finally gave up and chose a completely new password, and this one didn't include "^". Took it the first time.
Ignorance killed the cat. Curiosity was framed.
I've had a credit freeze for years now, still...
WAC are actually not required anymore, although it is still avalable.
CRA My Account is accessible now via a system called "Secure Key Concierge", where the CRA redirects your login to your bank. As long as you have an account with one of the "Big 6", you can log into your online banking, after which the CRA federates with the bank and checks that your SIN and DOB at the bank is the same as the SIN and DOB you entered at the site, and if so they let you in.
IMO it is a much more convenient way to authenticate in a way that covers likely 90%+ of the Canadian population.
And that method is starting to fall apart as high efficiency and alternative fuel vehicles become more common.
I didn't choose the word fuel by accident. You will note I did not say gasoline or diesel. Fuel can come in the form of stored electrons. You can tax electricity just as easily as gasoline. You can also adjust the tax rate to adjust for improving fuel economy.
Just lost the emails? Doing better than Hillary, who lost an entire physical email server.
it's nice that a Canadian company is writting all the US's web sites.
The Federal Government is planning to spend about $3.9 trillion dollars. There are about 320 million in the US. So hand every man, woman, and child a bill for $12,187 and be done with it. That's what the Federal Government is spending on your behalf, you should plan to provide it with that revenue.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
Actually, it's impossible to file without W2s.
So, yeah a crook might be able to glem stuff,
they can't file for you.
It looks like if you (the crook) sign up you can view your victim's old W2s, and from them you can fake it for the following (current) year, fill out a tax return based on those faked W2s and get the refund sent to a compromised bank account. Withdraw the refund money and run away.
250 pages of what people think of the IRS and tax system, all not marked offtopic, and not one person actually found the "create an account" page on their crappily-made website. Anyone know where it is? I'm at a loss.
I only ever got "A technical problem has occurred. Please try your request again later." I'll try again later. I may have answered wrong on a question, but there are no little hints that there was a wrong answer.
Learn to love Alaska
You should be taxed based on the value of the services you receive. Basing it on consumption is a foolish (and economy killing) way to allocate tax liability.
Is it just my observation, or are there way too many stupid people in the world?
I know, it's beneath you to read the fine article, but there's a link in the first sentence of the article which - if you follow it and choose to view an online transcript (which is the subject of the article) you can log in or create a user ID.
Is it just my observation, or are there way too many stupid people in the world?
I don't get to vote. my votes are immediately discarded for not being part of the groupthink of my community.
“Common sense is not so common.” — Voltaire