THE article explains that during the U.S. tax season threat actors deploy IRS-themed phishing, W-2 fraud and dark web activity to harvest sensitive data, impersonate IRS or payroll entities, and pressure victims into revealing information or sending funds. It notes that impersonation and urgency are common in campaigns, with scams ranging from fake refund notices to fake IRS login portals and spear-phishing that targets payroll staff and tax professionals.
W-2 fraud is described as a form of business email compromise where attackers request employee tax forms, enabling fraudsters to file fraudulent returns or commit identity theft, with wire transfers remaining the preferred payment method for attackers in BEC schemes.
The piece cites National Tax Security Awareness Week briefings stating that wire transfers account for roughly 88% of BEC proceeds and the median amount stolen per incident around $50,000, while a single year of reported BEC-related fraud has seen more than $6.3 billion transferred. It also mentions a dark web example where a threat actor offered a database of 1.9 million American taxpayers for $20,000, illustrating how stolen data is bought and sold for identity fraud. According to SOCRadar Dark Web News, such datasets can fuel large-scale tax fraud and account takeovers.