On March 27, 2020, the U.S. government adopted a $2 trillion stimulus package. Under it, qualified taxpayers receive $1,200 checks to help them through the COVID-19 pandemic (also known as coronavirus). Since then, researchers at Secureworks® Counter Threat Unit™ (CTU) have observed an increase in the theft of taxpayer identification data to fraudulently obtain stimulus checks (see Figure 1).
Figure 1. Advertisement for tax vouchers for the theft of stimulus checks. (Source: Secureworks)
In another message from an underground forum, an English-language threat actor named DoctorZempf claimed to have found information while rummaging through the dustbins of the tax authorities. Cybercriminals may use taxpayer information to steal personal information and claim victims' stimulus checks. Other discarded data could allow threat actors to pose as tax representatives to their clients as part of a social engineering campaign.
Stimulus checks were sent in April to individuals who filed U.S. federal tax returns in 2019 and 2020 and who meet the stimulus conditions. Some checks have been sent to deceased citizens. A cybercriminal in possession of a deceased person's details (e.g. personal data known as fullz, proof of payment, bank details, Individual Taxpayer Identification Number (ITIN)) may file a fraudulent tax return in the victim's name and claim the corresponding stimulus check and tax refund.
CTU™ researchers have noted that cybercriminals discuss the success of coronavirus stimulus fraud attempts and encourage partners to share resources (see Figure 2).
Figure 2. Threat actor looking for a partner for stimulus fraud. (Source: Secureworks)
CTU researchers also noted threat actors using phishing sites disguised as Internal Revenue Service (IRS) tax forms that were presented as required for stimulus checks. A threat actor can use the information provided to impersonate the victim in a tax filing with the IRS and obtain the victim's tax refund and stimulus check (see Figure 3).
Figure 3. Phishing site for collecting tax information on victims. (Source: Secureworks)
Threat actors sell data packages that simplify the identity theft process (see Figure 4).
Figure 4. Promotion of data packages for tax profiles used for IRS stimulus fraud. (Source: Secureworks)
Some cybercriminals collect victims' data directly through phishing sites or social engineering, while others purchase fullz databases and account information advertised in classified forums. Figure 5 shows a database auction that could enable a buyer to create 40,000 additional data sets of load profiles.
Figure 5. An electronic database of companies providing tax reporting services in the United States that are offered for sale and then sold. (Source: Secureworks)
The IRS has published examples of phishing emails on its website for people who are not sure whether an email is legitimate. The tax authorities do not initiate contact with taxpayers by e-mail and encourage recipients to report such messages by e-mail.
CTU researchers advise their clients to apply best practices to reduce stimulus fraud and other tax fraud that impersonates the IRS and attempts to steal W-2 information. Victims of identity theft must also immediately report the incident to the IRS and the credit bureau in order to limit the damage.
- Implement multi-factor authentication for Internet resources that store financial information, personally identifiable information (PII), and business or personal e-mail addresses.
- Protect customer data with modern and secure encryption.
- Train employees to identify and report phishing attempts to steal confidential information via email or malicious advertising.
- Verify the legitimacy of requests for PII, financial information or account updates via predefined out-of-band channels such as the telephone.
- Securely dispose of confidential information (e.g. by destroying paper documents).