Connect with us

Hi, what are you looking for?


Fraud & Identity Theft

IRS Shuts Down e-File PIN Tool After More Attacks

The U.S. Internal Revenue Service (IRS) announced last week that it has decided to shut down the electronic filing PIN tool on its website after detecting more automated attacks.

The U.S. Internal Revenue Service (IRS) announced last week that it has decided to shut down the electronic filing PIN tool on its website after detecting more automated attacks.

The e-File PIN tool on allowed taxpayers to generate PINs that they could use to file tax returns online. The agency reported in February that identity thieves had obtained more than 100,000 PINs by launching an automated bot attack against the tool.

Fraudsters had used names, addresses, dates of birth, filing statuses and social security numbers obtained from other sources to abuse the e-File PIN tool. The IRS kept the application online – at the time it had been used by most commercial tax software products – but implemented additional security features.

The agency recently detected another round of automated attacks at an increasing frequency and despite only a small number of PINs being affected, it has decided to shut down the program as a safety measure. The IRS believes only a small segment of taxpayers are affected because most users don’t actually need the PIN to electronically file tax returns.

The IRS said taxpayers can use the adjusted gross income that can be found in the tax returns from the prior year. For those who don’t have copies of tax returns, they can be obtained via the Get Transcript service.

“Prior to this, the IRS had been working with industry to assess elimination of the e-File PIN later this year,” the agency said.

Earlier this year, the organization also suspended its Identity Protection PIN tool due to security concerns. The tool allows taxpayers to generate or recover a PIN that provides an extra layer of protection against fraudulent tax returns.

The IRS recently relaunched its Get Transcript service after it had been shut down for more than a year. The service was launched in January 2014 and suspended in May 2015 due to abuse. Several people have been prosecuted for running fraud schemes involving Get Transcript.

Advertisement. Scroll to continue reading.

The agency says it has made some significant improvements to the Get Transcript authentication process in an effort to prevent fraudsters from abusing the system.

Related: IRS “Get Transcript” Incident Hit Over 700,000 Taxpayers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights