Criminals Are Selling Stolen Tax Forms for Cheap on the Dark Web

KnowBe4 Team | Mar 30, 2026

Researchers at Malwarebytes warn that cybercriminals are peddling stolen tax documents for as little as $4 per identity, with freshly stolen forms selling for $20 each. These documents allow threat actors to conduct refund fraud, using stolen personal information to claim victims’ tax refunds.

“Rather than harvesting data from scratch, fraudsters can simply purchase massive datasets of stolen Personally Identifiable Information (PII), complete with ready-to-use W-2 and 1040 forms,” the researchers write.

“For more sophisticated operations, Initial Access Brokers (IABs) auction off direct network access to compromised Certified Public Accountants (CPAs) and accounting firms. Beyond raw data and access, this underground economy provides a full suite of ‘fraud-as-a-service’ tools—including on-demand services to forge supporting financial documents and dedicated instructional hubs featuring step-by-step tutorials.”

Malwarebytes offers the following advice to help users avoid falling for these attacks:

  • “File your taxes early. Submitting your legitimate tax return early makes it much harder for criminals to file one in your name first.
  • Protect your Social Security number. Avoid sharing your Social Security number unless it’s absolutely necessary.
  • Watch out for phishing emails and texts. Scammers often pose as the IRS, banks, or tax services to trick people into revealing personal data.
  • Use strong, unique passwords. If criminals gain access to your email or financial accounts, they may be able to collect the information needed to impersonate you.
  • Monitor your accounts and credit reports. Unexpected tax notices, rejected returns, or unfamiliar financial activity can all be warning signs of identity theft.
  • Consider an IRS Identity Protection PIN (IP PIN). An IP PIN adds an extra verification step when filing your tax return, helping prevent criminals from filing in your name.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Malwarebytes has the story.


Are your users putting a big target on your organization's back?

Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen or weak passwords. And, a new survey from Dark Reading shows 44% of organizations say users pose the greatest threat to data security!

KnowBe4's Password Exposure Test (PET) makes it easy for you to identify users with exposed emails publicly available on the web, and checks your Active Directory to see if they are using weak or compromised passwords that are part of a known data breach. PET then reports on any user accounts affected so you can take action immediately!

Here's how the Password Exposure Check works:

  • Checks to see if any of your organization's email addresses have been part of a data breach
  • Tests against 10 types of weak password related threats associated with user accounts
  • Checks against breached or weak passwords currently in use in your Active Directory
  • Reports on the accounts affected and does not show/report on the actual passwords 
  • Just download the install, run it, get results in minutes!

Download Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/password-exposure-test



