Tax scams are on the rise again as the tax season is approaching. Hackers and scammers are using sophisticated tools and complex software to steal sensitive financial and personal information to file fraudulent tax returns.
There exists two main phases in a tax scam: acquisition of necessary financial and personal information and utilizing data sets to request for tax refunds. In the past, hackers and cybercriminals had to develop unique software and hacking tools in order to obtain financial information. They targeted local servers of corporations and engaged in phishing attacks to mislead people in giving up their tax accounts.
Prior to the commercialization and the adoption of the dark web, it was difficult to monetize these sets of financial information. In other words, revenues generated by hackers failed to complement the amount of time and resources allocated in developing complex software and phishing methods.
Anonymous darknet marketplaces opened a new market for hackers and cybercriminals. Instead of engaging in fraudulent activities such as initiating in illegitimate tax returns, they can simply sell batches of data they acquired and obtained on a darknet marketplace.
Scammers who aren’t necessarily tech savvy individuals usually purchase these sets of data on darknet marketplaces and run fraudulent activities. As The Washington Post investigative journalist and reporter Brian Krebs puts it, scammers on the darknet are “preparing to file fraudulent tax refund requests on behalf of millions of Americans.”
Earlier this month, Krebs came across a darknet marketplace which sold sensitive financial information and personal data including bank account information, Paypal accounts and other personal profiles from financial service providers.
Dissimilar to other marketplaces, this particular cybercriminal shop had a section called “W-2 2016,” which is more commonly known as Form W-2. The form, short for Wage and Tax Statement, is an Internal Revenue Service (IRS) tax form used in the US to report wages paid to employees.
According to Krebs, this marketplace offered every piece of information on individuals from a specific demographic or organization who filed for a W-2 tax form. Krebs stated:
“This particular shop — the name of which is being withheld so as not to provide it with free advertising — currently includes raw W-2 tax form data on more than 3,600 Americans, virtually all of whom apparently reside in Florida. The data in each record includes the taxpayer’s employer name, employer ID, address, taxpayer address, Social Security number and information about 2016 wages and taxes withheld.”
With this collection of information, scammers can apply for tax returns prior to the individuals listed on the list sold in the darknet marketplace. If the scammers process tax returns beforehand, individuals on the list will be rejected by the IRS and will be denied the permission to receive their returns.
For this particular reason, many corporations and institutions prefer to outsource tax processing to other firms to pass the responsibility to a third party provider. There are a wide range of security and privacy risks involved in facilitating tax forms and thus companies prefer not to allocate their resources in facilitating tax submissions.
The commercialization and distribution of tax forms on darknet marketplaces is a profitable operation for boths sides; the hackers and buyers. Hackers can bring in consistent revenue margins based on a fixed price while scammers can purchase W-2 forms for as little as $4 to $20 and potentially receive a much larger sum of money in tax returns.
Analysts like Krebs predicts fraudulent tax return cases to increase exponentially in upcoming weeks, as darknet sellers and scammers become increasingly active.