Tax Day Fraud: “Identity Theft Subscriptions” in High Demand on the Dark Web

With billions of stolen usernames, passwords, banking information and more circulating on the dark web, identity theft is an evolving and lucrative business, one notorious for exploiting vulnerable times and vulnerable populations. COVID-19 was no exception, opening up a world of new opportunities for malicious actors.

While millions of taxpayers took advantage of the of the IRS decision to push back the tax filing deadline to July 15th due to COVID-19, the additional three months gave hackers an even larger window to prepare and profit off identity theft, tax scams, and refund fraud.

In many popular crimeware forums and marketplaces, the VMware Carbon Black Threat Analysis Unit (TAU) uncovered hundreds of newly published identity information packages available across multiple marketplaces, with sellers offering bundles that include SSNs, full names, addresses, DOBs, phone numbers, emails, passwords, and more. For an investment of anywhere between $500 – $10,000, criminals can purchase all of the information needed to commit tax fraud and much more.

Perhaps most notable is the massive number of malicious actors bidding to buy this content, with many interested in “identity theft subscriptions,” requesting and committing to purchasing stolen data weekly, monthly, and even on a daily basis.

Last year, Carbon Black identified a maturation in the dark web economy focused on tax identity theft, with attackers selling W-2 forms, 1040 forms and how-to guides for illicitly cashing out tax returns available at relatively low costs, ranging from $1.04 to $52. Amid global disruption, hackers have shifted their focus to “follow the money,” offering identities in bulk and on a subscription basis, allowing even the most novice cybercriminals to cash in. Many of these storefronts are even made available on the Clearnet, though often require payment or recommendation from someone already inside the forum to gain access.

Some of the recent key findings include:

Timing is Everything

Ahead of the original tax deadline, cybercriminals were selling “fullz,” aka full packages of individuals’ identifying information, with a majority of new offerings becoming available within the last month. Given the importance of timing, hackers not only multiplied identity offerings on their marketplaces but also gave criminals ample runway to prepare and execute on scams and attacks, starting as early as September 2019, though this data can be purchased anytime throughout the year.

Identity Theft Subscriptions

Criminals seize on every opportunity to exploit bad situations. 2020 has presented unlimited opportunities to profit, increasing the demand for identity packages. It has also shifted the buying frequency with hackers looking to purchase data on a subscription basis. These criminals run the gamut from script kiddies to seasoned hackers and scammers.

Tips for Tax Day Cyber Safety

With an understanding of how the underground economy operates and how simple it is for cybercriminals to obtain personal and financial information; cybersecurity is a critical priority. Ahead of Tax Day 2020, adhere to the following best practices:

  • Always use a secure browser: Anytime you’re inputting sensitive information such as an SSN and especially when filing, you should be sure that you’re using a secure and up to date browser.
  • Never use public Wi-Fi: This is the golden rule but especially when filing your taxes. Hackers will often set up fake networks or snoop on the traffic of legitimate ones to steal sensitive data.
  • Implement Home Network Segmentation: Most Wi-Fi routers have the capability to simultaneously host multiple network segments, by keeping sensitive network activity on one VLAN and personal devices, such as IoT and related less-secure devices on the other, you can limit the impact of a breach of  network happens to be breached. Filing your taxes on the sensitive network should help keep your transaction more secure.
  • Enable Multifactor Authentication: Always use more than just a username and password for authentication whenever possible, especially for any websites related to your tax preparation needs. While some multifactor solutions are better than others, adding another layer of security to your accounts is imperative in this day and age.
  • Demand cyber security precautions from your accountant or tax firm: Encryption is a good start, but you shouldn’t just settle for that. It’s important to ensure they’re investing in cybersecurity. One thing you can ask your accountant or tax firm is if they’re practicing micro-segmentation. With many tax professionals now working remotely and consulting via phone or video, you should ensure they have the proper security controls on the device used to process your tax return.
  • Be vigilant: The data used to file a false return is often gathered before Tax Day. You should always be careful what sites you’re visiting, which links you’re clicking, and where you’re inputting sensitive data. If something looks suspicious or too good to be true, chances are it is.

For more from the VMware Carbon Black Threat Analysis Unit (TAU), click here.

The post Tax Day Fraud: “Identity Theft Subscriptions” in High Demand on the Dark Web appeared first on VMware Carbon Black.