IRS Website Opens Door to Phishers
Chris Soghoian writes on the C|Net "surveill@nce st@te" Blog:
A new IRS Web site that allows taxpayers to check on the status of their refund checks could lead to users being phished.More here.
The new "Where's my stimulus payment?" site asks taxpayers to enter in their Social Security number, and a few other trivial bits of information before informing the user of the amount of their refund, and the date it will be sent out.
While no doubt useful, this Web site sets a horrible example, and encourages dangerous behavior by users. Furthermore, in the hands of someone who knows the last four digits of a taxpayer's Social Security number, it could be used as an oracle (by submitting multiple requests) to determine the full SSN of a taxpayer.
Image source: C|Net
posted by Fergie @ 5/08/2008 02:47:00 PM
0 Comments:
Post a Comment
<< Home