Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    IBM Report Details 2017 Tax Scams as IRS Filing Deadline Nears

    By
    Sean Michael Kerner
    -
    April 5, 2017
    Share
    Facebook
    Twitter
    Linkedin
      cyber-crime

      It’s that time of year again, when Americans rush to file income taxes with the U.S Internal Revenue Service (IRS) and hackers fill inboxes with tax-related spam and phishing email attacks. As the Tax Day 2017 filing deadline of Tuesday April 18 nears, IBM Security is warning of a spike in tax-related spam email and related fraud scams that aim to exploit unsuspecting tax filers.

      IBM is out with a new report today titled, ‘Cybercrime Riding Tax Season Tides: Trending Spam and Dark Web Findings’  that details how attackers are ramping up their efforts ahead of Tax Day 2017. According to the report, IBM X-Force security researchers have tracked a 6,000 percent increase in tax-related spam emails from December 2016 to February 2017. A year ago ahead of Tax Day 2016, the IRS issued a warning of its own, about a 400 percent increase in phishing and malware incidents during that year’s tax season.

      Limor Kessem, Executive Security Advisor at IBM Security commented that so far in 2017, IBM has seen an increase in the sophistication of tax fraud. She added that this year is also the first year that IBM is seeing campaigns that are  targeting businesses.

      “Last year, consumer tax fraud was the most common illicit activity linked with compromised taxpayer information,” Kessem told eWEEK. “This year, things are getting bigger and bolder.”

      IBM’s research this year has found that beyond the usual consumer fraud, cyber-criminals are now also going after businesses to rob IRS W-2 form data for batches of employees at once.  Kessem explained that the stolen W-2 data is being used by the criminals to file numerous fraudulent returns, or sold in dark web markets to other criminals. According to IBM, some criminals are selling taxpayer information for as little as $50 per record.

      Kessem explained that historically, cybercriminals have been selling what they call ‘fullz’ data sets in the underground, including victims’ payment card data, contact information and personally identifiable information like date of birth, mother’s maiden name and these also sell for up to $50 on the dark web. 

      “The taxpayer datasets are priced similarly because they contain a wealth of information on the victim, often offering up their annual gross income (AGI) to allow the criminal to file a return without additional challenge,” Kessem said.

      There is also a connection between tax-related fraud attacks and the growing problem of Business Email Compromise (BEC) attacks. With a BEC attack, a hacker sends a fraudulent request for payment or information to a company, that appears to be legitimate. On March 21, the U.S Department of Justice announced that it has charged a single individual in connection with a BEC scam that resulted in the theft of $100 million from a pair of U.S corporations. Kessem said that cybercriminals are using BEC fraud to trick employees in the finance or HR departments into both sending taxpayer data to the criminals and compromising the company’s bank account or making them unwittingly wire money to the criminals.  

      Overall, Kessem noted that fraudsters have a variety of ways to get taxpayer information, depending on their technical skill levels. The lower end, but nonetheless dangerous breeds of criminals, use social engineering and BEC scams to lure employees into sending them bulk W-2 data in the guise of a request from a CEO or a CFO. She added that some criminals phish the data by taking over the accounts of victims that file via tax software vendors. 

      “The more technically inclined may breach a company’s infrastructure to steal data directly from their internal servers,” Kessem said.

      One trend that hasn’t quite yet landed in the U.S yet is ransomware linked tax scams, though IBM has seen that in the U.K.  Kessem said that that what IBM looked at for its’ report is ransomware in tax-themed emails, finding Cerber malware in the UK. 

      “We did not find this specific case related to taxes in the US, but ransomware does use a plethora of ploys to get on American users’ endpoints, so it could be the case that some small campaigns of this nature did take place,” Kessem said.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×