While tax season has come to a close, many people are still dealing with a nightmare: tax filing fraud. Greenshades is an online payroll management firm who, according to its blog, had been seeing an increase in “fraudulent login attempts to some client GreenEmployee portals”. Hackers gained authentication information through other sources and were then able to use them when logging into customer accounts due to Greenshades’ SSN/DOB authentication login. As a result, thousands of customers had their 2015 taxes filed fraudulently. In the case of Lower Platte North Natural Resource District, 90 percent of employees were affected.
While there was no technical breach of the Greenshades network, I wanted to highlight an excellent point made by krebsonsecurity.com. They discussed the weakness of SSN/DOB logins and emphasized a disillusionment with the laxity of the company’s security. They also mentioned the prevalence of SSN/DOB authentication within the banking system, a place where we should feel our information is safest. The weakness of SSN/DOB logins is largely due to the fact that this information is available on social media and the dark net. While we must live with knowing that a certain amount of our PII is “out there”, I can’t help but be disappointed with those still using poor authentication practices.