An April 2017 report published by IBM Security reveals that tax fraud increased by 6,000 Percent in the last year — and criminals are buying up victims’ stolen information on the deep web.
According to the report, much of this tax fraud happens through spam emails containing fake W-2 forms or malicious links leading to websites that steal personal data. Once hackers obtain their target’s tax data, they move on to use it for profit.
Hackers also use other methods to steal personal information, IBM reports, such as ransomware or breaching employer servers.
Selling Tax Data on the Deep Web
Traditionally, hackers use stolen data to file fake tax returns and receive money from the federal government in the form of tax refunds.
For example, a recent security breach in an IRS tool used by college students to fill out FAFSA forms allowed the hackers to steal tax data from 100,000 students. Using that information to then file phony tax returns, the hackers succeeded in getting a total of US $30 million in tax refunds.
However, IBM Security reports that many thieves have moved away from that method.
As part of a growing trend, IBM says hackers now stockpile data and sell it for bitcoin on the deep web. Purchasers — who buy the data either in bulk or by the record — then submit the fraudulent W-2 forms to the IRS for a tax refund they didn’t earn.
Prospective fraudsters can even purchase “Fullz” — datasets containing complete information on a victim. Buyers can use these “Fullz” to execute a more complete identity theft, IBM Security says.
IBM showed several examples of ads for stolen data on “darknet markets” — ecommerce sites on the deepweb that often sell illicit items. Prices for the datasets shown in the IBM report range from $30 to $50 per record.
If purchased in bulk, though, IBM says criminals can get discounts that “drive the price down to as much as $15 per record for those buying 60 to 100 datasets.”
Can You Keep Your Tax Data Safe?
If a hacker has already executed a successful attack on you — through spam, ransomware, or some other method — you can’t do much to stop them from selling your data to tax fraudsters. The best way to protect yourself, then, is to take preventative measures that keep criminals from accessing your data in the first place.
IBM Security recommends basic practices that anyone can use to keep themselves safer:
Set up an “Identity Protection PIN” with the IRS. This 6-digit number adds an extra layer of security by requiring the taxpayer to provide it for all IRS filings.
File your taxes as soon as possible. The longer you wait to pay your taxes, the more time you give a criminal to use your data for a fraudulent tax return.
Don’t click on suspicious links. You know better than anyone how you file your taxes and what, if any, third-parties you use. Do not click on any unsolicited links — they’re probably spam and likely lead to a malicious website.
The IRS and your accountant will never ask for your information online. The IRS and accountants or third-party tax services never ask for sensitive data online or through email without prior notice. For maximum safety, always submit tax information to your tax preparer in person.
Lastly, if you receive a suspicious email or come across a fake website trying to get your information, report it to the IRS via firstname.lastname@example.org.
Taxes are no fun, and becoming the victim of tax fraud is even worse. Stay safe out there and keep Uncle Sam happy.
You can view the full IBM Security report on tax fraud here:
Have you ever been the victim of tax fraud? Share your experiences down below.
Image via Pixabay