Audit: IRS employees susceptible to social engineering

By

Employees at the Internal Revenue Service were apt to fall victim to social engineering scams, according to an audit by the Inspector General for Tax Administration.

Auditors placed phone calls to 100 IRS managers and employees, posing at IT helpdesk personnel needing help to fix a network problem. They were able to convince 35 employees to divulge their user account names and change their passwords.


"Using our test scenario, a hacker or disgruntled employee could obtain user names and passwords to gain unauthorized access to the IRS systems," according to the audit.

The audit was about a 50 percent improvement over a similar test the IG conducted in August 2001, but IRS employees need more security awareness, the IG said.

Daniel Galik, IRS chief of mission assurance and security services, said in a written response that his office agreed with the IG's recommendations that it boost security awareness about social engineering risks.

The IRS has incorporated the topic of social engineering into its mandatory online security awareness training and plans to issue periodic reminders to employees about the issue, he said.

www.treas.gov/tigta

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?