While online sales of identity and banking information have both been easily accessible to malicious actors for a decade or more, there has been a recent maturation in the dark web economy focused on tax identity theft.
Carbon Black’s recent research into various marketplaces on the dark web found W-2 forms, 1040 forms and how-to guides for illicitly cashing out tax returns available. W-2s and 1040s are available on the dark web at relatively low cost, ranging from $1.04 to $52. Names, Social Security Numbers (SSNs) and birthdates can be obtained for a price ranging from $0.19 to $62.
For a more comprehensive investment (around $1,000) a relatively inexperienced hacker can purchase authenticated access to a U.S.-based bank account, file a false tax return, claim the IRS refund and cash out via a cryptocurrency exchange for a 100+% return on investment.
Perhaps most notable is that an identity theft cycle can now be completed by an attacker without ever stepping foot outside or showing their face to another human via “identity fraud on demand,” a process by which a hacker can provide stolen/purchased identity information and receive an original image of a person holding a forged passport with matching picture/information and scans of the forged identity documents.
The research also found that various tax identity theft products and services on the dark web are becoming cheaper; sellers are working hard to differentiate themselves and their products; and new products are being developed to meet identity thieves’ demands, forming a living, breathing economy built to empower even entry-level hackers.
This evolution in tax fraud and tax identity theft is congruent to various dark web economies, including ransomware, as Carbon Black outlined in a 2017 report, further suggesting that attackers are constantly evolving their behaviors to “follow the money.” This report highlights some of the offerings available on the robust dark web economy of scale.
Among some of the key findings from the report:
Listings for U.S. NAME/ SSN/DOB/AND MORE available by 10 vendors across four dark web markets. Prices ranged from $0.19 to $62.
Vendors selling PREVIOUS YEAR TAX FORMS, TO INCLUDE W2S, FORM 1040S AND OTHER FORMS. Prices ranged from $1.04 to $52. These typically come from hacked accounting firms and enable false tax return filings.
HOW-TO GUIDES FOR CASHING OUT OTHER PEOPLE’S TAX RETURNS are available for around $5 but one offer, claiming to be the most comprehensive guide for tax refund cash out, was listed for $70.
According to Carbon Black’s research, the current dark web economy is such that, for a $1,000 investment, a relatively inexperienced “hacker” can:
The report also details listings for customer's bank credentials, an emerging trend of "identity fraud on demand," and ways consumers can protect themselves from becoming a tax fraud victim.