-
Cybercriminals are now selling tax documents they stole from other people on the dark web marketplaces at a very low price of $20.
-
The criminals who buy these tax forms use them to file fraudulent tax returns & steal refunds before the victims of the theft act.
-
Experts in cybersecurity now warn that identity theft is usually at its peak during the tax seasons and a lot of data trading activities skyrocket on the dark web marketplaces.
Cybercriminals have started turning tax documents they stole from unsuspecting victims into a lucrative underground commodity.
The security experts at Malwarebytes Labs discovered this new trend amongst the dark web peddlers and this crime trend has skyrocketed due to the tax seasons.
Personal tax records, which house sensitive information such as Social Security numbers & income details, are what hackers sell on the dark web for just $20 making it easy for more would-be criminals to join the crime.
Now, attackers don’t have to steal the data themselves since they can buy it in bulk at a very low price. Once they buy the PII (Personally Identifiable Information and an already prepared W-2 & 1040 forms, they can claim another person’s tax refunds.
According to the researchers, individuals face more risks of fraudulent attacks, financial loss, & cases of impersonations.
Tax Season Boost Phishing Success
Whenever the annual tax filing deadline is upon Americans, the dark web operatives take it as a season to make wealth from SIRF. It is usually the time when scams and identity theft get their peak season.
Usually filling deadlines comes with urgency because many residents don’t want to default and pay the penalties. Also, filing tax information requires sensitive personal information and the pressure makes people fall victim to cybercriminals tricks such as phishing emails, data breaches and fake tax services.
According to Malwarebytes Global Head of Scam & AI Research Shahak Shalev, many residents expect messages related to taxes, refund & tax filings.
As a result they will easily believe phishing emails and false IRS alerts and this will make it easier for cybercriminals to steal their tax documents, gather their personally identifiable information PIIs and sell them for cheap.
The Rate of Stolen Identity Refund Fraud SIRF Skyrockets
The reason behind the hike in the sale of stolen tax documents is because cybercriminals use the personal data to commit stolen identity refund fraud, SIRF.
This is the type of fraud where the bad actor will use a victim’s personal information to file fake tax returns & claims before the real person who pays the tax does. The data they need to complete this crime is just the victim’s name, birth date, and social security number.
To achieve this first before the real taxpayer, the criminals will file the false returns very early during the tax season and grab the refund before the owner knows that’s happening. The criminals usually succeed because the refund will go into the debit cards, address or bank accounts which they’re controlling.
Also, the victims only find out when they eventually file but get rejected or when the tax body sends them a report that they have already issued the refund to them. And this might take months or sometimes years before they find out.
Experts Suggest Simple But Effective Ways to Stay Safe
Since there is no way to avoid the tax season, experts suggests citizens take the following steps to stay safe and secure their tax refunds:
- Early tax filing: If the real tax payer files their tax returns early, the criminals won’t have the chance to do it on their behalf.
- Keep your Social Security Number safe: Every tax payer should not share their SSN easily online unless it is for legit reasons and on the right platforms.
- Get an IRS Identity Protection PIN (IP PIN): this pin is another layer of verification for tax return filing and it will deter criminals from impersonating you.
- Suspect every email and text to prevent phishing: This season, the bad actors will pose as tax services, IRS, or even banks to trick tax payers into revealing their PII. So watch out for any email or text with suspicious demands.
- Watch out for identity theft signs: This period is when to monitor credit reports or accounts to check for tax notices you’re not expecting or rejected returns. Also investigate any financial activity that didn’t originate from you.
- Use complex passwords: It protects your accounts with unique passwords so the criminals don’t hack your account and steal your PII for SIRF.
These same precautions apply to health insurance accounts, especially during open enrollment when scams surge monitoring your health plan statements, using unique passwords for insurance portals, and being wary of unsolicited calls claiming to be from your insurer are essential protections.
