W-2 tax forms for 2016 can be bought and sold on the dark web at $20 or less

Hacker
hamburg_berlin/Shutterstock
Security researcher Brian Krebs reports that hackers are now selling W-2 tax forms on the dark web, a collection of websites that requires special software or authorization to access and can’t be found using Google or Bing. It’s an online world where pirated software can be obtained and cybercriminal shops can thrive, selling goods like PayPal account credentials, stolen credit cards, and now apparently last year’s tax forms.

According to Krebs, the W-2 tax form data was up for sale on an unnamed dark web shop under the “other” category. The data stemmed from more than 3,600 residents from Florida and included their employer’s name, employer ID, and employer address. The info also included the taxpayer’s personal information such as address, social security number, 2016 wage information, and the taxes withheld.

The stolen W-2 records required Bitcoins to purchase and their cost depended on the wage made by the taxpayer, ranging between $4 and $20 each. Thus, the higher the wage, the more money thieves could possibly land if they are successful in tricking the Internal Revenue Service with a fraudulent tax form filed using the purchased taxpayer information.

The tax information may have stemmed from a Florida-based firm called The Payroll Professionals. Krebs figured this out after a source purchased two of the listed W-2 forms stemming from Kirai Restaurant Group LLC. Krebs contacted the restaurant company who said it outsources employee tax forms to The Payroll Professionals.

A representative of The Payroll Professionals confirmed with Krebs that the company was aware of a “potential hacking” and was currently informing customers of the potential problem. Krebs found additional W-2 tax forms on the dark web storefront stemming from companies that use The Payroll Professionals to handle their payroll.

How The Payroll Professionals was hacked is unknown. In a typical scenario, scammers would spoof a bogus email to resemble a high-ranking official in a company and send it to human resources and the payroll department. The email would demand a copy of all employee W-2 data to be returned immediately.

Just days ago, a hacker impersonated Sunrun CEO Lynn Jurich in an email sent to the company’s payroll department and received employee W-2 forms for 2016. The hacker got away with “a substantial portion” of the company’s current and former employee personal and financial information. Luckily, Sunrun’s customer database was not affected by the phishing scam.

“Sunrun recognized the issue within one hour of the scam and immediately began working with the proper authorities,” the company said Friday. “We are committed to the safety and security of our employees’ information and will continue to work diligently to increase the security of our systems and implement tighter controls.”

Taxpayers worried about hackers filing fraudulent claims on behalf of their information can use file form 14039 (pdf) if they believe they are victims of identity theft. Taxpayers can also request a six-digit Identity Protection PIN to help combat fraudulent tax returns.

Computing

Acer’s new Swift and Nitro laptops are now powered by the latest AMD chips

Ahead of Computex, Acer has announced a pair of updates to a couple of its most popular budget laptop lines. Both the Nitro 5 and Swift 3 will now be powered completely by AMD silicon in the form of Ryzen 7 Mobile.
Movies & TV

The best shows on Netflix right now (May 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Podcasts

Should Facial Recognition software be regulated?

Mobile technology is finally advancing out of the standard form we've become used to. The Samsung Galaxy Fold is one example of further innovation and possibly a redesign of how we communicate and interact with our devices. Will 5G…
Emerging Tech

The moon is shrinking as it loses heat, new images reveal

New research suggests the Moon is shrinking. NASA scientists have used data from their Lunar Reconnaissance Orbiter Camera to look at wrinkles in the surface of the Moon which are formed as it loses heat and shrinks in size.
Computing

Keep your kids safe online with these great parental control tools

The internet can be a dangerous place, especially for your loved ones. Check out our selection of the best free parental control software for Windows and MacOS, so you can monitor your child and block unsavory sites.
Computing

These external drives have speed, durability, and storage space to spare

Whether you want an external storage drive that is fast, portable, or comes with a ton of storage, these are the best external hard drives available today. They all come with great features and competitive pricing.
Computing

Here’s how to watch AMD reveal its new Ryzen chips at Computex

AMD will hold a pre-Computex keynote May 27 to announce its new line of 3rd-generation Ryzen processors and accompanying Radeon Navi graphics cards. Here's how to watch the keynote live wherever you are in the world.
Computing

The 2019 ThinkPad lineup is robust. Here's how to pick the right one for you

Be it the X series, the T series, E series, it can be tough to find the best Lenovo laptop that is right for you. To help, we'll break down all the options available to make your choice a more informed one.
Computing

Should you buy a MacBook Pro or a Razer Blade Stealth? We'll help you decide

Laptop head to heads are a great way to see which one might be the right one for you. Our latest sees the Razer Blade Stealth (2019) vs. MacBook Pro in a fight to see which one deserves to be your next laptop.
Computing

AMD's latest Navi graphics cards are incoming. Here's what to expect

AMD's Navi graphics cards could be available as soon as July 2019 — as long as it's not delayed by stock problems. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles like Sony's PlayStation 5.
Computing

Ryzen 3000 chips will pack a punch, and could launch as early as July

AMD's upcoming Ryzen 3000 generation of CPUs could be the most powerful processors we've ever seen, with higher core counts, greater clock speeds, and competitive pricing. Here's what we know so far.
Mobile

Want to watch Netflix in bed or browse the web? We have a tablet for everyone

There’s so much choice when shopping for a new tablet that it can be hard to pick the right one. From iPads to Android, these are our picks for the best tablets you can buy right now whatever your budget.
Deals

The best Amazon Prime Day 2019 deals: Everything you need to know

Amazon Prime Day 2019 is still a few months off, but it's never too early to start preparing. We've been taking a look at the best discounts from previous Prime Days to give you our predictions of what to expect this year.
Computing

Microsoft might finally embrace USB-C on next-gen Surface Pro 7

USB-C could finally come to Microsoft's Surface Pro tablet. According to a Microsoft patent filing, the port was shown in an illustration, suggesting that the company is working to support this feature in the future.