W-2 tax forms for 2016 can be bought and sold on the dark web at $20 or less

Hacker
hamburg_berlin/Shutterstock
Security researcher Brian Krebs reports that hackers are now selling W-2 tax forms on the dark web, a collection of websites that requires special software or authorization to access and can’t be found using Google or Bing. It’s an online world where pirated software can be obtained and cybercriminal shops can thrive, selling goods like PayPal account credentials, stolen credit cards, and now apparently last year’s tax forms.

According to Krebs, the W-2 tax form data was up for sale on an unnamed dark web shop under the “other” category. The data stemmed from more than 3,600 residents from Florida and included their employer’s name, employer ID, and employer address. The info also included the taxpayer’s personal information such as address, social security number, 2016 wage information, and the taxes withheld.

The stolen W-2 records required Bitcoins to purchase and their cost depended on the wage made by the taxpayer, ranging between $4 and $20 each. Thus, the higher the wage, the more money thieves could possibly land if they are successful in tricking the Internal Revenue Service with a fraudulent tax form filed using the purchased taxpayer information.

The tax information may have stemmed from a Florida-based firm called The Payroll Professionals. Krebs figured this out after a source purchased two of the listed W-2 forms stemming from Kirai Restaurant Group LLC. Krebs contacted the restaurant company who said it outsources employee tax forms to The Payroll Professionals.

A representative of The Payroll Professionals confirmed with Krebs that the company was aware of a “potential hacking” and was currently informing customers of the potential problem. Krebs found additional W-2 tax forms on the dark web storefront stemming from companies that use The Payroll Professionals to handle their payroll.

How The Payroll Professionals was hacked is unknown. In a typical scenario, scammers would spoof a bogus email to resemble a high-ranking official in a company and send it to human resources and the payroll department. The email would demand a copy of all employee W-2 data to be returned immediately.

Just days ago, a hacker impersonated Sunrun CEO Lynn Jurich in an email sent to the company’s payroll department and received employee W-2 forms for 2016. The hacker got away with “a substantial portion” of the company’s current and former employee personal and financial information. Luckily, Sunrun’s customer database was not affected by the phishing scam.

“Sunrun recognized the issue within one hour of the scam and immediately began working with the proper authorities,” the company said Friday. “We are committed to the safety and security of our employees’ information and will continue to work diligently to increase the security of our systems and implement tighter controls.”

Taxpayers worried about hackers filing fraudulent claims on behalf of their information can use file form 14039 (pdf) if they believe they are victims of identity theft. Taxpayers can also request a six-digit Identity Protection PIN to help combat fraudulent tax returns.

Computing

Adobe’s craziest new tools animate photos, convert recordings to music in a click

Adobe shared a glimpse behind the scenes at what's next and the Creative Cloud future is filled with crazy A.I.-powered tools, moving stills, and animation reacting to real-time tweets.
Product Review

Samsung’s Galaxy Book 2 is a Surface Pro alternative with one big advantage

The 2-in-1 form factor is clearly a big deciding factor for anyone looking to buy a new device, which is why Samsung is again getting in the action this year with the new Galaxy Book 2.
Social Media

Tumblr promises it fixed a bug that left user data exposed

A bug on blogging site Tumblr left user data exposed. The company says that once it learned of the flaw, it acted quickly to fix it, adding that it's confident no data linked to its users' accounts was stolen.
Deals

The best accounting software for your small business

Small business owners looking for accounting software have a variety of options at their disposal. And this guide will help them find the best solutions, from Quickbooks Online and Freshbooks to AccountEdge and Zoho Books.
Movies & TV

The best shows on Netflix in October, from 'Mindhunter’ to ‘The Good Place’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Computing

Problems with Microsoft’s Windows October 2018 Update aren’t over yet

Microsoft's Windows 10 October 2018 update is not having a great launch. More than two weeks after its debut and Microsoft is still putting out fires as new bugs are discovered and there's no sign of its re-release as of yet.
Computing

Chrome 70 is now available and won’t automatically log you in to the browser

Google has officially launched Chrome version 70 on Windows Mac and Linux. The update introduces some new Progressive Web App integrations on Windows 10 and also tweaks the much controversial auto login with Google Account feature.
Computing

Corsair’s latest SSD boasts extremely fast speeds at a more affordable price

Despite matching and besting the performance of competing solid-state drives from Samsung and WD, the Corsair Force Series MP510 comes in at a much more affordable price. Corsair boasts extremely fast read and write speeds.
Computing

New Windows 10 19H1 preview lets users remove more pre-installed Microsoft apps

With the release of the latest Windows 10 19H1 preview build on October 17, Microsoft is letting some consumers remove more of the pre-installed inbox app bloatware from their machines. 
Computing

Apple’s 2020 MacBooks could ditch Intel processors, arrive with ‘ARM Inside’

If you're buying a MacBook in 2020, be on the lookout for a new "ARM Inside" banner. Apple is reportedly working on transitioning away from Intel processors for its MacOS lineup in favor of new custom A-series ARM-based silicon.
Computing

Microsoft patent highlights a potential VR text input system

A new patent awarded to Microsoft could lead to a new typing method for virtual reality and on Xbox consoles. The virtual radial dial puts letters within easy reach of joystick commands and offers predictive typing, too.
Computing

Ryzen shine! AMD’s next CPUs could beat Intel at gaming in 2019

AMD's upcoming Zen 2-based Ryzen 3000 CPUs could offer as much as a 13-percent increase in instruction per clock. With clock speed or core count increases, that could gave them a huge performance boost.
Computing

Samsung Galaxy Book 2 packs Snapdragon 850 into Always Connected Windows 2-in-1

The Samsung Galaxy Book 2 is set to go on sale at the start of November and should be a solid addition the collection of Always Connected Windows laptops. It packs a Snapdragon 850 and a 20-hour battery.
Computing

A ThinkPad tablet with a foldable screen could be in Lenovo’s future

Lenovo may be working on its own version of Project Andromeda. The company is reportedly working on a 13-inch tablet that can fold down to just nine inches for travel by leveraging LG Display's foldable screen technology.