Expert: Time to stop relying on PII for authentication

Last week, the IRS released an updated damage estimate of the hack of the tax transcript request website — cyberthieves used the transcripts to file fraudulent returns in order to get their hands on as much as $39 million in tax refunds.

What is more disconcerting, though, is that the hackers made 200,000 attempts at getting into the system — and succeeded 100,000 times.

That’s because the IRS was using a series of personal questions to authenticate identity. Unfortunately, these days, the hackers often know more of our personal details than we know ourselves — does anyone actually remember the street they lived on five moves ago?

[ ALSO ON CSO Deconstructing an IRS Phishing scam ]

To read this article in full or to leave a comment, please click here