Skip to main content
  1. Home
  2. Computing
  3. News

W-2 tax forms for 2016 can be bought and sold on the dark web at $20 or less

Kevin Parrish
By

Hacker
hamburg_berlin/Shutterstock
Security researcher Brian Krebs reports that hackers are now selling W-2 tax forms on the dark web, a collection of websites that requires special software or authorization to access and can’t be found using Google or Bing. It’s an online world where pirated software can be obtained and cybercriminal shops can thrive, selling goods like PayPal account credentials, stolen credit cards, and now apparently last year’s tax forms.

According to Krebs, the W-2 tax form data was up for sale on an unnamed dark web shop under the “other” category. The data stemmed from more than 3,600 residents from Florida and included their employer’s name, employer ID, and employer address. The info also included the taxpayer’s personal information such as address, social security number, 2016 wage information, and the taxes withheld.

Recommended Videos

The stolen W-2 records required Bitcoins to purchase and their cost depended on the wage made by the taxpayer, ranging between $4 and $20 each. Thus, the higher the wage, the more money thieves could possibly land if they are successful in tricking the Internal Revenue Service with a fraudulent tax form filed using the purchased taxpayer information.

The tax information may have stemmed from a Florida-based firm called The Payroll Professionals. Krebs figured this out after a source purchased two of the listed W-2 forms stemming from Kirai Restaurant Group LLC. Krebs contacted the restaurant company who said it outsources employee tax forms to The Payroll Professionals.

A representative of The Payroll Professionals confirmed with Krebs that the company was aware of a “potential hacking” and was currently informing customers of the potential problem. Krebs found additional W-2 tax forms on the dark web storefront stemming from companies that use The Payroll Professionals to handle their payroll.

How The Payroll Professionals was hacked is unknown. In a typical scenario, scammers would spoof a bogus email to resemble a high-ranking official in a company and send it to human resources and the payroll department. The email would demand a copy of all employee W-2 data to be returned immediately.

Just days ago, a hacker impersonated Sunrun CEO Lynn Jurich in an email sent to the company’s payroll department and received employee W-2 forms for 2016. The hacker got away with “a substantial portion” of the company’s current and former employee personal and financial information. Luckily, Sunrun’s customer database was not affected by the phishing scam.

“Sunrun recognized the issue within one hour of the scam and immediately began working with the proper authorities,” the company said Friday. “We are committed to the safety and security of our employees’ information and will continue to work diligently to increase the security of our systems and implement tighter controls.”

Taxpayers worried about hackers filing fraudulent claims on behalf of their information can use file form 14039 (pdf) if they believe they are victims of identity theft. Taxpayers can also request a six-digit Identity Protection PIN to help combat fraudulent tax returns.

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
How to draw on Google Docs to add doodles, sketches, and more
The Google Play Store, YouTube, and Google Docs installed on an Amazon Fire Max 11.

Word processing software isn’t the kind of tool that most users would consider exciting, which is why we’re glad to see companies like Google adding a little flair to its own products. We’re talking about Google Docs, a free-to-use word processor that’s part of your larger Google Account ecosystem. Basic formatting options and other familiar word processing functions are front and center on Google Docs, but the ability to add doodles, sketches, and other entertaining media to your next Docs file requires a special bit of know-how.

Read more
AMD’s upcoming APUs might destroy your GPU
AMD CEO Lisa Su holding an APU chip.

The spec sheets for AMD's upcoming APU lineups, dubbed Strix Point and Strix Halo, have just been leaked, and it's safe to say that they're looking pretty impressive. Equipped with Zen 5 cores, the new APUs will find their way to laptops that are meant to be on the thinner side, but their performance might rival that of some of the best budget graphics cards -- and that's without having a discrete GPU.

While AMD hasn't unveiled Strix Point (STX) and Strix Halo (STX Halo) specs just yet, they were leaked by HKEPC and then shared by VideoCardz. The sheet goes over the maximum specs for each APU lineup, the first of which, Strix Point, is rumored to launch this year. Strix Halo, said to be significantly more powerful, is currently slated for a 2025 release.

Read more
Hyte made me fall in love with my gaming PC all over again
A PC built with the Hyte Nexus Link ecosystem.

I've never seen anything quite like Hyte's new Nexus Link ecosystem. Corsair has its iCue Link system, and Lian Li has its magnetic Uni system, and all three companies are now offering ways to tie together your PC cooling and lighting devoid of extraneous cables. But Hyte's marriage of hardware, software, and accessories is in a league of its own -- and it transformed my PC build completely.

I've been using some of the foundational components of the ecosystem for about a week, retailoring a build inside of Hyte's own Y40 PC case to see how the system works. It doesn't seem too exciting at first -- Hyte released an all-in-one (AIO) liquid cooler, some fans, and a few RGB strips, who cares? But as I engaged more with the Nexus Link ecosystem, I only became more impressed.
It all starts with the cooler

Read more