Even with the turmoil taking over the dark web’s major marketplaces earlier this year, fraud vendors have set up new shops just in time for tax season. While many people won’t think about filing their tax returns until March or April (or even later, if they file an extension), for the denizens of the dark web, time is of the essence; the earlier a dark web actor files a fraudulent tax return, the more likely they will beat their victims to the proverbial punch.
To file a fraudulent tax return, the fraudster first needs to get their hands on exactly the same information that is needed when filing the real thing. Lucky for them, just about everything they need is available on the dark web, provided they know where to look and have the Bitcoin to pay for it.
Year-round, dark web vendors hawk full identity packs, or ”fullz”, which contain first and last names, social security numbers, driver’s license numbers, dates of birth, and other personal information. While fraudsters can use fullz to commit tax fraud, additional information is required: W2 forms, Employee Identification Numbers, or pay stubs. On Dream, the largest dark web marketplace, a W2 will cost a buyer $52—cheap compared to the potential money that can be made off a fraudulent return. On other marketplaces, the price is even lower—$45 each, discounted to $35 each for orders of ten or more.
Just like their legitimate counterparts, fraudsters are always looking for ways to claim extra tax credits to maximize their return. Earlier, our Director of Analysis, Emily Wilson, discussed with CNN how in addition to child data we’ve seen listed for sale, we’re now seeing information specifically advertised as infants’ data. On Dream, an enterprising vendor lists “Infant fullz get em befor tax seson [sic].” For the relatively high price of $312, a buyer can purchase an infant’s name, social security number, date of birth, and mother’s maiden name. With a maximum child tax credit of $1,000 per child, that is a potentially significant return on investment, assuming the buyer successfully files and claims the return. While these fullz don’t come complete with the parents’ information, they do come with the mother’s maiden name. An enterprising buyer can find the remaining details through open-source data sets or by harvesting the parents’ other online presences like social media accounts.
An inexperienced fraudster can also purchase a tax fraud guide, which outlines exactly how to file a fraudulent tax return without detection. One vendor claims that their guide was originally priced at $175; it is now listed for just $5. Other tutorials are available for as little as $2 or, on carding forums, the guides can be found for free, often posted as “security exercises for discussion.” While many guides for sale on the dark web are essentially useless either because they are out of date or because they do not contain any topical information at all, a high quality guide walks buyers through the process of committing fraud. The most useful guides may not be publicly advertised at all; rather than selling to just any buyer, experienced fraudsters tend to keep the most valuable tips and tricks to themselves, or circulate it among a small, trusted group.
Unlike other forms of fraud, tax fraud is cyclical; there’s little interest in purchasing a W2 or other tax-specific information in July. Now that tax season approaches, however, it’s likely the volume of tax fraud-specific listings on the dark web will grow, with more vendors listing products to match demand. The recent disruption to the tax code and the shake-ups on the dark web will not stop the tax fraud machine—as always, fraud finds a way.