
IBM Report Details 2017 Tax Scams As IRS Filing Deadline Nears

It’s that time of year again, when Americans rush to file income taxes with the U.S. Internal Revenue Service (IRS) and hackers fill inboxes with tax-related spam and phishing emails. As the Tax Day 2017 filing deadline of Tuesday, April 18 nears, IBM Security is warning of a spike in tax-related spam email and related fraud scams that aim to exploit unsuspecting tax filers.

IBM is out with a new report today titled ‘Cybercrime Riding Tax Season Tides: Trending Spam and Dark Web Findings’ that details how attackers are ramping up their efforts ahead of Tax Day 2017.

According to the report, IBM X-Force security researchers have tracked a 6,000 percent increase in tax-related spam emails from December 2016 to February 2017. A year ago, ahead of Tax Day 2016, the IRS issued a warning of its own about a 400 percent increase in phishing and malware incidents during that year’s tax season.

Limor Kessem, Executive Security Advisor at IBM Security, commented that so far in 2017, IBM has seen an increase in the sophistication of tax fraud. She added that this is also the first year that IBM is seeing campaigns that target businesses.

“Last year, consumer tax fraud was the most common illicit activity linked with compromised taxpayer information,” Kessem told eWEEK. “This year, things are getting bigger and bolder.”

Scam warning

IBM’s research this year has found that beyond the usual consumer fraud, cyber-criminals are now also going after businesses to steal IRS W-2 form data for batches of employees at once. Kessem explained that the stolen W-2 data is being used by the criminals to file numerous fraudulent returns, or sold in dark web markets to other criminals. According to IBM, some criminals are selling taxpayer information for as little as $50 per record.

Kessem explained that historically, cybercriminals have been selling what they call ‘fullz’ data sets in the underground, including victims’ payment card data, contact information and personally identifiable information like date of birth and mother’s maiden name. These also sell for up to $50 on the dark web.

“The taxpayer datasets are priced similarly because they contain a wealth of information on the victim, often offering up their annual gross income (AGI) to allow the criminal to file a return without additional challenge,” Kessem said.

There is also a connection between tax-related fraud attacks and the growing problem of Business Email Compromise (BEC) attacks. With a BEC attack, a hacker sends a company a fraudulent request for payment or information that appears to be legitimate. On March 21, the U.S. Department of Justice announced that it has charged a single individual in connection with a BEC scam that resulted in the theft of $100 million from a pair of U.S. corporations. Kessem said that cybercriminals are using BEC fraud to trick employees in the finance or HR departments into both sending taxpayer data to the criminals and compromising the company’s bank account or making them unwittingly wire money to the criminals.

Overall, Kessem noted that fraudsters have a variety of ways to get taxpayer information, depending on their technical skill levels. Lower-end but nonetheless dangerous criminals use social engineering and BEC scams to lure employees into sending them bulk W-2 data under the guise of a request from a CEO or a CFO. She added that some criminals phish the data by taking over the accounts of victims that file via tax software vendors.

“The more technically inclined may breach a company’s infrastructure to steal data directly from their internal servers,” Kessem said.

One trend that hasn’t quite landed in the U.S. yet is ransomware-linked tax scams, though IBM has seen that in the U.K. Kessem said that what IBM looked at for its report is ransomware in tax-themed emails, finding Cerber malware in the U.K.

“We did not find this specific case related to taxes in the US, but ransomware does use a plethora of ploys to get on American users’ endpoints, so it could be the case that some small campaigns of this nature did take place,” Kessem said.

Originally published on eWeek

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek
