Excuse Me, Are You Using That Child Tax Credit?

Next: Conferences You Should Know About: A Recap of...
Previous: Breaking Through Convention with BSidesNYC
Meet the people who are excited about tax season.
Writer Emma Z.
January 18, 2018

Emma serves as the Director of Analysis at Terbium Labs, working on evaluating and contextualizing threats to customer data. She spends a lot of time reading forum drama on the dark web, writing regular expressions, and drinking LaCroix on the train between DC and Baltimore.

Even with the turmoil taking over the dark web’s major marketplaces earlier this year, fraud vendors have set up new shops just in time for tax season. While many people won’t think about filing their tax returns until March or April (or even later, if they file an extension), for the denizens of the dark web, time is of the essence; the earlier a dark web actor files a fraudulent tax return, the more likely they will beat their victims to the proverbial punch.

To file a fraudulent tax return, the fraudster first needs to get their hands on exactly the same information that is needed when filing the real thing. Lucky for them, just about everything they need is available on the dark web, provided they know where to look and have the Bitcoin to pay for it.

Year-round, dark web vendors hawk full identity packs, or ”fullz”, which contain first and last names, social security numbers, driver’s license numbers, dates of birth, and other personal information. While fraudsters can use fullz to commit tax fraud, additional information is required: W2 forms, Employee Identification Numbers, or pay stubs. On Dream, the largest dark web marketplace, a W2 will cost a buyer $52—cheap compared to the potential money that can be made off a fraudulent return. On other marketplaces, the price is even lower—$45 each, discounted to $35 each for orders of ten or more.


Just like their legitimate counterparts, fraudsters are always looking for ways to claim extra tax credits to maximize their return. Earlier, our Director of Analysis, Emily Wilson, discussed with CNN how in addition to child data we’ve seen listed for sale, we’re now seeing information specifically advertised as infants’ data. On Dream, an enterprising vendor lists “Infant fullz get em befor tax seson [sic].” For the relatively high price of $312, a buyer can purchase an infant’s name, social security number, date of birth, and mother’s maiden name. With a maximum child tax credit of $1,000 per child, that is a potentially significant return on investment, assuming the buyer successfully files and claims the return. While these fullz don’t come complete with the parents’ information, they do come with the mother’s maiden name. An enterprising buyer can find the remaining details through open-source data sets or by harvesting the parents’ other online presences like social media accounts.

Infant Fullz.png

An inexperienced fraudster can also purchase a tax fraud guide, which outlines exactly how to file a fraudulent tax return without detection. One vendor claims that their guide was originally priced at $175; it is now listed for just $5. Other tutorials are available for as little as $2 or, on carding forums, the guides can be found for free, often posted as “security exercises for discussion.” While many guides for sale on the dark web are essentially useless either because they are out of date or because they do not contain any topical information at all, a high quality guide walks buyers through the process of committing fraud. The most useful guides may not be publicly advertised at all; rather than selling to just any buyer, experienced fraudsters tend to keep the most valuable tips and tricks to themselves, or circulate it among a small, trusted group.

Unlike other forms of fraud, tax fraud is cyclical; there’s little interest in purchasing a W2 or other tax-specific information in July. Now that tax season approaches, however, it’s likely the volume of tax fraud-specific listings on the dark web will grow, with more vendors listing products to match demand. The recent disruption to the tax code and the shake-ups on the dark web will not stop the tax fraud machine—as always, fraud finds a way.

analysis December 06, 2018
The Year Ahead: Developments in the Dark Web Data Trade

Sensitive data had a very bad year in 2018—and the year isn’t over yet. With the increase of large-scale breaches, what drives the underground economy for data on dark web markets? How will that...

analysis October 08, 2018
The Nine Lives of a Stolen Payment Card

For financial institutions, simply cancelling and issuing a new card will only prevent fraudulent charges on that specific payment card—a canceled card does nothing to stop future fraudulent activity stemming from other compromised cardholder...