Tax Fraud and the Dark Web in 2019

As we head into the day that federal income taxes are due in the USA, new research shows that identity theft is becoming easier, cheaper and more prevalent in 2019 via the dark web. Let’s explore.

by / April 14, 2019
Credit: Carbon Black

As Americans rushed to get their taxes submitted over the past month, the U.S. Internal Revenue Service (IRS) issued consumer alerts about a long list of tax scams. Here are just some of the scams that are described in detail at their website:

  • IRS warns of new phone scam using Taxpayer Advocate Service numbers
  • IRS: Don’t be victim to a “ghost” tax return preparer
  • IRS warns of “Tax Transcript” email scam; dangers to business networks
  • IRS warns of scams related to natural disasters
  • IRS, Security Summit Partners warn of new twist on phone scam; crooks direct taxpayers to IRS.gov to “verify” calls
  • IRS-Impersonation Telephone Scams

The IRS website also describes how to report tax-related schemes, scams, identity theft and fraud.

New Report on Tax Fraud and the Dark Web Released This Week

Just this past week, a startling new report was released on the growing problems associated with tax-related fraud online. Here’s an introduction from the extensive Carbon Black report:  

“Research into various marketplaces on the dark web found W-2 forms, 1040 forms and how-to guides for illicitly cashing out tax returns available. W-2s and 1040s are available on the dark web at relatively low cost, ranging from $1.04 to $52. Names, Social Security Numbers (SSNs) and birthdates can be obtained for a price ranging from $0.19 to $62.

For a more comprehensive investment (around $1,000) a relatively inexperienced hacker can purchase authenticated access to a U.S.-based bank account, file a false tax return, claim the IRS refund and cash out via a cryptocurrency exchange for a 100+% return on investment. …”

In a summary of the findings Carbon Black found these scary statistics with specific numbers showing the low cost to get sensitive data:

  • W-2s and 1040s are available on the dark web at relatively low cost, ranging from $1.04 to $52. Names, social security numbers and birthdates can be obtained for a price ranging from $0.19 to $62
  • For $1K, a relatively inexperienced hacker can purchase authenticated access to a U.S.-based bank account, file a false tax return, claim the IRS refund and cash out via a cryptocurrency exchange for a 100+% return on investment.  
  • How-to guides for cashing out other people’s tax returns are available for around $5 but one offer, claiming to be the most comprehensive guide for tax refund cash out, was listed for $70
  • A hacker can now provide stolen/purchased identity information (Name, DOB, SSN, etc.) and receive an original image of some person holding a forged passport with matching picture/information and scans of the forged identity documents


In a related article from Bleeping Computer, this summary was provided:   

“Financial and social security identity theft services are becoming more and more affordable every year on the dark web, leading to a drop in the skill level required for tax fraud schemes.

This means that even the most inexperienced cybercriminals can now quickly whip up a whole new identity with just a couple of mouse clicks, without even having to bother making a call or meeting with an identity fraud "provider" face to face.

More to the point, it is just as easy for a crook to get his hands on the documents and credentials needed for running a successful tax identity theft campaign these days as is for someone to order a pizza using a food delivery service.”

Finding Meaning in the Numbers

So what can we learn from this new report? Here are some thoughts from Tom Kellermann, chief cybersecurity officer at Carbon Black:

“The dark web has matured into a robust economy of scale where seasoned cybercriminals are selling products and services to entry-level hackers at a significant profit. This evolution we’re seeing further illustrates the migration of traditional crime to online crime.

“Consumers, businesses and governments should all be concerned about the dark web. As our research found, consumers are not the only targets when it comes to dark web crimes. Beyond tax fraud and identity theft, we found bank credentials as well as financial-focused malware for sale. For consumers, locking your credit and practicing good cyberhygiene are paramount. For businesses, understanding where security vulnerabilities exists is key. So is having visibility into everything that’s occurring on the enterprise.”

Final Thoughts

There have been numerous media stories about criminals filing fake tax returns. In one case earlier this year, four defendants pleaded guilty to a scheme defrauding the IRS by using stolen identities to file tax returns and obtain refunds.   

In another study from IBM X-Force, “researchers recently discovered several of these ongoing tax-themed campaigns, three of which affect businesses as well as consumers. Attackers attempt to trick victims with messages appearing to be from major accounting, tax, and payroll services, including ADP and Paychex. Malicious Microsoft Excel attachments packed Trickbot, a common banking Trojan that infects devices to steal data and follow up with wire fraud from the owner's account.”

While the IRS is taking meaningful steps to identify and stop tax fraud, the amount of personally identifiable information (PII) available on the dark web is simply staggering. The low cost of our sensitive data is another indication that our identity theft problem is not going away anytime soon, and is likely getting worse.

Nevertheless, in the midst of these challenges, I am reminded of an inspirational quote by Anne Lamott: "Hope begins in the dark, the stubborn hope that if you just show up and try to do the right thing, the dawn will come. You wait and watch and work: You don't give up."

Let's apply that hope and persistent action to our battle against online crime.

Platforms & Programs