IRS Workers Fall for Simulated Password Scam
According to a recent internal audit, 60 percent of IRS employees fell for the oldest trick in the book, allowing auditors posing as help-desk employees access to their digital identities, and by extension your personal and private information.
On the plus side, the report says the agency’s computers have never been violated, despite frequent attempts.
Your support matters…
Brace yourself for another fine example of the tech-savviness of federal bureaucrats (and yes, this sentence is dripping with sarcasm).
According to a report released Friday (PDF) by the Treasury Department’s inspector general, 60 percent of a sampling of 102 Internal Revenue Service employees, when contacted by government auditors posing as help-desk employees, were perfectly willing to reveal their usernames and change their passwords to ones suggested by the callers.
The auditors said they were particularly alarmed by this year’s findings against the backdrop of a similar test in 2004, when only 35 percent fell for the trick. In 2001, 71 percent succumbed to the requests, which led the IRS to take “corrective actions” designed to raise awareness about social-engineering attempts and password protection requirements.
Independent journalism is under threat and overshadowed by heavily funded mainstream media.
You can help level the playing field. Become a member.
Your tax-deductible contribution keeps us digging beneath the headlines to give you thought-provoking, investigative reporting and analysis that unearths what's really happening- without compromise.
Give today to support our courageous, independent journalists.