The US Internet Revenue Service has launched a new unit dedicated to tackling the rising rate of identity theft through hacking.
The US agency's unit comprises of roughly a dozen agents, as reported by the Wall Street Journal. The agents, based in Washington, will focus on cybercrime related to tax fraud, including the theft of data which is then used to collect victim tax refunds without their consent.
IRS data suggests that within the last fiscal year, over 1,000 cases of identity theft involved the loss of data through digital means.
Phishing campaigns, for example, remain a common method for cybercriminals to entice victims to part with personal and sensitive information which can then be used in identity theft and tax fraud. Emails -- targeted at individuals or sent en masse -- masquerade as legitimate businesses such as banks, social media websites and loan companies and include either malicious attachments containing malware payloads or links to malicious websites.
Malware which spies on users, using techniques such as keylogging, is then often installed -- and surveillance data will then find its way back to cybercriminals through command and control (C&C) centers.
However, the tax season also acts as the right timeframe for cybercriminals to use other techniques. Once a Social Security number has been stolen from the victim, criminals pose as the victim and submit tax returns to the agency, collecting refunds. Victims may only discover the fraud when they attempt to collect their legitimate refund and are told it has already been paid.
According to reports, investigations are backed up to the point the average waiting time to resolve the issue is 120 days.
Speaking to the publication, the head of criminal investigation at the IRS, Richard Weber, said connections to Nigeria, Russia, Latvia, Bulgaria and Romania and tax fraud have been made in the past several months. In total, the US agency has traced approximately $26 million in criminal profits back to these countries.
Between 2011 and 2014, the IRS prevented fraudulent tax refund transactions worth $63 billion.
Read on: In the world of security
- Yahoo launches password-free logins
- Feds hot on the trail of JPMorgan hackers
- EquationDrug: Sophisticated, stealthy data theft for over a decade
- Symantec research highlights security failures in the connected home
- New CryptoLocker ransomware targets gamers
Read on: Fixes and Flaws