The year 2020 has presented an endless list of possibilities as far as the cybercriminal enterprise could go, as hackers have seized every chance to profit from the COVID-19’s economic-related effects.
A majority of the modern organizations and government institutions have become “sitting ducks” to the rapidly-evolving communities of aggressive cybercriminals. In fact, the currently-raging coronavirus pandemic has not seen the ebb of cases involving stolen usernames, passwords, banking credentials and other forms of sensitive data.
In recent times, dark web-hosted cybercriminals have taken advantage of oblivious users through tax fraud schemes.
Reports indicate that while numerous taxpayers became relieved when the Internal Revenue Service (IRS) shifted the tax filing deadline to July 15 due to COVID-19, the extra three months provided cybercriminals with a larger window to plan and execute identity theft and refund fraud schemes.
Indeed, identity theft continues to top the list of the cybercriminal world’s staple as evidenced by the increased demand for subscription packages for identity theft information sold via darknet. With such subscriptions, hackers are enhancing their cyber capacities through the constant access to raw materials.
The Dark Web Focus on Identity Theft
With thousands of stolen databases being moved across the dark web, identity theft has become a highly dynamic and profitable business.
A scan conducted by the VMware Carbon Black Threat Analysis Unit, a firm specializing in advanced cyber intelligence, found a striking number of identity theft-related posts on popular hacking forums and darknet platforms.
The identity information packages that were found in the study included the advertisement of stolen bundles comprising people’s names, Social Security Numbers (SSNs), addresses, dates of birth, cellphone numbers, emails and passwords.
In terms of pricing, the researchers revealed that cybercriminals can acquire the identity information packages for between $500 and $10,000, and use the data to orchestrate brazen tax fraud schemes and other varied forms of cybercriminal campaigns.
In highlight, the VMware Carbon Black Threat Analysis Unit found a significantly high demand for “identity theft subscriptions” on the dark web – with a large number of cybercriminals bidding to purchase the subscriptions with a commitment to regularly buy stolen data.
Interestingly, it appears that the latest findings on identity theft subscriptions were reflected on a 2019 Carbon Black report that shared insights about the darknet sale of identity theft information packages.
The firm revealed the maturation in the darknet economy to exploit the lucrative tax identity theft, which saw hackers trade in W-2 forms, 1040 forms and tutorials for “how to illegally cash out tax returns”. Then, the above items attracted a relatively low cost as malicious actors shifted their focus to deals involving bulk identities and identity theft subscription packages.
The fact that cybercriminals could benefit from such flexible commercial arrangements reflected on the industry’s advancement as Clearnet storefronts and novice cybercriminals thrived.
Quick Cyber Safety Tips
With an understanding of how cybercriminals can make money using stolen identities, users should stay vigilant at all times – especially ahead of tax days.
First, using a secure browser can go a long way to prevent the leaking of sensitive data to malicious actors. Secure browsing should be coupled with the habit of avoiding to public Wi-Fi networks.
The importance of enabling multifactor authentication cannot be overstated. The traditional username-password combination should be reinforced with robust multifactor solutions that would add the much-needed extra layer of cyber security.
Apart from data encryption, it is critical that users demand cybersecurity precautions from tax professionals and accountants. Considering that a number of these professionals have been forced to work remotely due to the COVID-19 restrictions, it is imperative that a user ensures that their tax returns are processed using well-secured devices.