Fraud - Tax Forms Selling for $20 on Dark Web Alert
Basically, criminals are selling your tax information online, making it easier to steal your identity.
Criminals are trading stolen tax records for just $20 on the dark web. This surge in identity theft poses a significant risk to taxpayers. Protect your personal data to avoid becoming a victim.
What Happened
Tax season has become a prime opportunity for identity theft, with criminals actively trading stolen tax records on dark web forums. Malwarebytes researchers have uncovered a disturbing trend where personal information, such as Social Security numbers and dates of birth, is being sold for as little as $20. This practice is known as Stolen Identity Refund Fraud (SIRF), where fraudsters file fake tax returns to claim refunds before the legitimate taxpayer can.
As Americans rush to meet tax deadlines, cybercriminals exploit this urgency. They send phishing emails that mimic IRS alerts, making it easier for them to deceive unsuspecting individuals. The dark web has transformed into a marketplace where personal data is not just available but commoditized, allowing fraudsters to purchase complete tax forms and even access to compromised accounting firms.
Who's Affected
The victims of this fraud are primarily taxpayers who unknowingly have their identities stolen. When criminals file fake tax returns using stolen information, the real taxpayers often only discover the fraud when their legitimate returns are rejected by the IRS. This can lead to significant delays in receiving refunds and can complicate their tax situations for years to come.
Moreover, small businesses that handle tax preparation are also at risk. Cybercriminals are targeting these companies to gain access to large datasets of sensitive information. The impact extends beyond individual taxpayers, affecting trust in the entire tax system.
What Data Was Exposed
The data being traded includes highly sensitive Personally Identifiable Information (PII) such as Social Security numbers, tax forms (W-2s and 1040s), and bank details. In one instance, a bulk package of 100 complete tax forms was listed for $2,000, effectively pricing each stolen identity at just $20. This commoditization of PII highlights the efficiency and organization of the criminal underground.
Additionally, fraudsters are not just selling raw data; they offer complete “fraud-as-a-service” solutions. This includes access to compromised networks, forged documents, and even tutorials on executing these scams, making it easier for less experienced criminals to participate in tax fraud.
What You Should Do
To protect yourself from becoming a victim of identity theft during tax season, consider these proactive measures:
- File your taxes early to reduce the chance of criminals submitting a fake return in your name.
- Safeguard your Social Security number and avoid sharing it unless absolutely necessary.
- Stay vigilant against phishing attempts that may come through emails or texts pretending to be from the IRS or tax services.
- Use strong, unique passwords for your online accounts to prevent unauthorized access.
- Monitor your financial accounts and credit reports regularly for any unusual activity or unexpected tax notices.
- Consider obtaining an IRS Identity Protection PIN (IP PIN), which adds an extra layer of security when filing your taxes.
By taking these steps, you can significantly reduce your risk of falling victim to identity theft and protect your personal information during this critical time.
Malwarebytes Labs