Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.
It’s April, which every year brings more news about tax fraud scandals. The news this year, however, is even more disturbing than expected. IBM’s X-Force threat intelligence group released a report last week that showed a 6,000% increase in spam emails designed to steal information from W-2s and other tax documents. Last year, these criminals “earned” over $3 billion through similar scams. And if you were one of the victims, then you are already familiar with the hassles of having your return stolen or a completely false one filed using your identity.
The continuing use of the Dark Web is a major factor behind the acceleration in this form of cybercrime. Stolen identities that include tax information are currently fetching around $40 on illicit marketplaces. While this may not seem like much, it is extremely lucrative when a fishing scam succeeds at stealing thousands of identities. So lucrative, in fact, that would-be scammers can even visit the Dark Web to buy online tutorials on how to perpetrate tax fraud.
Popular scams this year include sending emails that appear to be sent from TurboTax and other tax preparation companies. The hope is that you respond because you use that tax service. So-called spearfishing scams are also targeting corporate human resource departments. They will often send an email to an HR manager, seemingly from a member of the company’s executive staff, requesting W-2 and other tax information on the company’s employees.
Cybercriminals will continue to hone their skills resulting in more convincing emails and websites. They will continue to take advantage of technologies that allow them to increase the number of outbound messages. And they will continue to learn and share new techniques on the Dark Web. This means that all of us, as businesses and as private citizens, need to step up our efforts to protect data. These days, it’s no longer just “a fool and his money” who are soon parted.