On March 27, 2020, the U.S. government approved a $2 trillion USD stimulus package that provides COVID-19 (also known as coronavirus) pandemic relief for its citizens in the form of $1,200 checks. Since then, Secureworks® Counter Threat Unit™ (CTU) researchers have observed an increase in tax identity theft aimed at fraudulently obtaining stimulus checks (see Figure 1).
Figure 1. Advertisement of tax documents to steal stimulus checks. (Source: Secureworks)
In another underground forum post, an English-speaking threat actor known as “DoctorZempf” claimed to have found information by searching tax preparers’ trash dumpsters. Cybercriminals could use taxpayer information to steal identities and apply for a victim’s stimulus relief check. Other discarded data could allow threat actors to impersonate the tax preparers in a social engineering campaign against their customers.
In April, the stimulus checks were sent to U.S. citizens who filed federal taxes in 2019 and 2020 and met the stimulus requirements. Some checks were sent to deceased citizens, providing opportunities for threat actors. A cybercriminal possessing a deceased individual’s data (e.g., personal information (fullz), paystubs, bank account details, individual taxpayer identification number (ITIN)) could file a fraudulent tax return for the victim and claim an applicable stimulus payment and tax refund.
CTU™ researchers have observed cybercriminals discussing the success of coronavirus stimulus fraud attempts and soliciting partners to share resources (see Figure 2).
Figure 2. Threat actor seeking a partner for stimulus fraud. (Source: Secureworks)
CTU researchers also observed threat actors using phishing pages disguised as Internal Revenue Service (IRS) tax forms required for stimulus checks. The threat actor can use the submitted inf ..
Support the originator by clicking the read the rest link below.
