Fraud Attack

Cybercriminals Are Buying Tax Info To Cash In On Fraudulent Refunds


Tax season is a busy time for cybercriminals, with consumers’ personal data being sold online so thieves can file fraudulent tax returns and cash in on refunds.

According to Bloomberg News, experts recently found bulk sales of W-2 forms on the dark web after a scammer had phished a tax preparation firm and was offering 3,600 Florida W-2s for sale. In addition, IBM’s commercial security research team, the IBM X-Force, checked its spam traps for common tax-themed spam and discovered an increase of more than 6,000 percent in the number of common tax scam emails trapped by its system from December 2016 to February 2017.

Why the increase? Tax information is far more valuable than stolen credit card accounts, which can then be closed or frozen and have a short criminal shelf life.

“Tax filing information is probably the most premium type of record criminals can buy on the underground,” said Limor Kessem, executive security adviser of IBM Security. “It goes for $40 or $50, and, unlike credit cards, never expires. People can try and get loans in someone’s name, make fake IDs in people’s names, get credit.”

The top motive for stealing this info is filing a tax return in someone’s name and getting the refund. For example, IBM found that one vender was selling W-2 and 1040 returns as a package for $30 worth of bitcoin, with the prior year’s adjusted gross income (AGI) costing $20 more. Another cybercriminal had an offer that promised data that was “fresh” for 2016 and included W-2 data, date of birth and the AGI figure. The fee on that was $50 in bitcoin per record.

In order to protect themselves, consumers should file their tax returns early to get ahead of the scammers. Keep in mind that the IRS will never send an email about a person’s tax return, so it’s crucial that the links or files in these emails are never opened. Instead, forward the fraudulent message to the IRS at



About: Accelerating The Real-Time Payments Demand Curve:What Banks Need To Know About What Consumers Want And Need, PYMNTS  examines consumers’ understanding of real-time payments and the methods they use for different types of payments. The report explores consumers’ interest in real-time payments and their willingness to switch to financial institutions that offer such capabilities.

Click to comment