Dem: IRS could do more to protect to protect taxpayers from phishing schemes

Dem: IRS could do more to protect to protect taxpayers from phishing schemes
© Victoria Sarno Jordan

A Democratic senator is urging the IRS to do more to protect taxpayers from an onslaught of phishing schemes through the use of an email authentication tool. 

Sen. Ron WydenRonald (Ron) Lee WydenHouse bill set to reignite debate on warrantless surveillance Senate confirms No. 2 spot at HHS, days after Price resigns Overnight Cybersecurity: Equifax CEO faces outraged lawmakers | Dem presses voting machine makers on cyber defense | Yahoo says 3 billion accounts affected by 2013 breach MORE (D-Ore.) penned two letters to IRS Commissioner John Koskinen on Wednesday, one of which blasted President Trump’s proposed funding cuts to the IRS, which he argued would further expose American taxpayers to cyber threats. 

The IRS reported an approximate 400 percent increase in phishing and malware incidents during the 2016 tax season in which hackers targeted victims by impersonating the agency. 

The IRS currently uses the Domain-based Message Authentication, Reporting & Conformance (DMARC), a technology platform developed by the IT industry in 2015 that allows an organization to request that phishing emails and other fake messages be sent to a spam folder or rejected by the email recipient’s provider.

ADVERTISEMENT
However, Wyden wrote on Wednesday that the IRS uses the technology in a “less restrictive mode” that automatically notifies the organization of fake emails but does not automatically warn or protect taxpayers on the receiving end. 

“I am concerned that taxpayers may be needlessly exposed to phishing scams because the IRS is not taking full advantage of DMARC’s capabilities,” Wyden wrote, urging the IRS to enable the tool's more restrictive setting. “This simple step could drastically reduce the risk of tax-related phishing attacks.” 

He further argued that federal agencies should universally adopt the technology.

The fiscal year 2018 budget blueprint released by the Office of Management and Budget in March requested $239 million in cuts to the IRS, which the Democrat said would “undermine the IRS’s ability to defend taxpayer data from increasingly sophisticated cyberattacks.”

Trump’s proposal directs the IRS to focus its reduced resources on combatting identity theft, preventing fraud and reducing the deficit by enforcing tax laws. It also calls on the Treasury Department to bolster cybersecurity by investing in a department-wide plan to enhance the security of systems and fragment IT management across the bureaus. 

Still, Wyden argued that the proposed cuts would only set the IRS further back in terms of cybersecurity. 

“I do not know any member of Congress who would respond to a cyberattack on a federal agency like the Department of Defense or Homeland Security by cutting that agency’s resources,” Wyden, ranking member of the Senate Finance Committee, wrote on Wednesday. 

The IRS came under scrutiny last year after it revealed that a 2015 cyberattack exposed the personal information — including Social Security numbers — of more than 700,000 taxpayers.  

Other federal agencies have also fallen victim to high-profile breaches, including the Office of Personnel Management.