Tax - and Peak PII - Season is Here

Next: Poseiden and the Brazilian Data Deluge
Previous: Our Partnership with TRSS
As the deadline to file tax returns approaches in the U.S., we see a significant uptick in leaked PII.
Writer Emily W.
March 03, 2016

Emily serves as the VP of Research at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy, while crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

Tax season is upon us. In the midst of accountants marketing their services and non-stop emails incentivizing the use of tax software, personally identifiable information (PII) continues to appear in large dumps across the dark web. We’ve seen a sizeable increase in the presence of PII over the last month. The increase in PII as tax season approaches puts breach victims at an even greater risk for identity theft and tax fraud.

PII appears on the dark web in a variety of formats. Whether a simple email and password combination or a complete and detailed breakdown of personal and financial details, criminals require very little assistance to consolidate all of the information they need to conduct fraudulent activities. An email and password may seem innocuous in comparison to a detailed list of personal information, but gaining access to an account — whether an email account, a social media account, or a retail merchant account — gives criminals everything they need to piece together an identity. Missing pieces (a Social Security Number, a security question) can be sourced or sold on the dark web.

The most concerning PII dumps we see are the ones that remain unattributed to a specific source, group, or organization. Every day, Terbium Labs indexes many thousands of pieces of PII, of which only a tiny percentage is identified by the original poster or vendor. For every vendor claiming credit for the database they breached, or the music accounts they have for sale, there are thousands of dumps containing detailed PII, and no one (least of all the account holder) is the wiser. The IRS has already publicized two instances of tax fraud in their internal systems, which is only the beginning of the outbreak of tax fraud we anticipate over the next two months. We have even indexed database dumps belonging to online tax software companies - not the news you want to hear when you trust them with your personal information.

analysis June 24, 2019
New Research: Terbium Labs Uncovers Pervasive Links Between Fraud and Transnational Crime

Terbium Labs investigated the links between payment fraud and serious transnational crime. This research begins to fill a gap in understanding about the use of fraudulent financing in some of the most heinous crimes...

analysis April 17, 2019
Terbium Labs Investigates Dark Web Fraud Guides for an Inside Look on Cyber Crime

With our latest research, Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data, Terbium Labs investigates dark web fraud guides to create a detailed, first-hand account of the illicit...