Actors Behind the W2 Tax Phishing Scams

This year, Seagate, Snapchat and GCI all reported that hackers had stolen thousands of their employees’ W-2s.

What do hackers do with these W-2s?

The stolen W-2 documents contain the data an American needs to file a tax return and claim a refund. Hackers use a W-2 to file a tax return on that person’s behalf, but have the refund money sent to the hacker instead of the actual person.

Who is doing this?

The Risky Business podcast interviewed a researcher from myNetWatchman. He stated that a majority of these phishing scams are coming from Lagos, Nigeria. The scammers can sometimes get thousands of W-2s. The IRS and Intuit are trying hard to detect mass submissions or unusual patterns, which means the scammers have to avoid detection by submitting the refunds manually. Because there are so many W-2s to go through with a manual process, it is likely they are selling the W-2s to other interested parties.

A common tax refund could range between $500 and $2500. This goes a long way in Lagos, but may be too low for scammers in Europe to bother with.

We likely won’t know for quite some time how the W-2 thefts will fully impact the victims. There will probably be new ways to abuse someone’s W-2, and this type of scam will evolve with them.

Other problems the IRS is having

Fraudsters don’t even need your W-2 to file for a tax refund on your behalf. In 2015, hackers stole social security records of 21.5 million people. With this information, they can forge your W-2 and submit that for a refund.

Advice for taxpayers

The IRS has an article stating what you can do to protect yourself against identity theft. It states:

How to reduce your risk

Join efforts by the IRS, states and tax industry to protect your data. Taxes. Security. Together. We all have a role to play. Here’s how you can help:

  • Always use security software with firewall and anti-virus protections. Use strong passwords.
  • Learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as your bank, credit card companies and even the IRS.
  • Do not click on links or download attachments from unknown or suspicious emails.
  • Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure.

See Publication 4524.pdf, Security Awareness for Taxpayers, to learn more.

It is also good advice to file your taxes early in the season before a fraudster does it for you.
