Flashpoint just made available a Tax Fraud Threat Landscape report that covers the sharp increase in cybercriminal tax refund fraud schemes just as millions of Americans navigate tax season.
Flashpoint analysts have observed widespread discussions among fraud communities—especially on Telegram and Dark Web forums—about tactics to steal personally identifiable information (PII), file fraudulent returns, and cash out IRS refunds before the real taxpayer ever files.
Some of the most concerning trends include:
- Exploitation of identity verification systems like ID.me, with fraudsters leveraging stolen selfies, forged documents, and social engineering tactics.
- A marketplace for “fullz”—complete PII packages—used to impersonate victims and file fake returns via popular tax prep services like TurboTax and H&R Block.
- Targeted abuse of government programs, such as the Employee Retention Credit and the California Middle Class Tax Refund.
- Disaster-related fraud, with actors already exploiting aid programs linked to the 2025 LA wildfires.
Telegram remains a major hub for fraud coordination, with thousands of posts sharing step-by-step “sauce” and tutorials. Screenshots of six-figure IRS refunds are common, many accompanied by sales pitches for methods to bypass verification letters and fraud detection systems.
Flashpoint analysts also highlight in the report emerging schemes involving romance scams, job ads, and phishing campaigns—many designed to coax ID.me credentials and IP PINs directly from victims.
You can read the report here: https://flashpoint.io/blog/four-steps-of-tax-refund-fraud/
Related
This entry was posted on April 17, 2025 at 9:00 am and is filed under Commentary with tags Flashpoint. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New Report From Flashpoint Reveals Sophisticated Surge in U.S. Tax Refund Fraud Scheme
Flashpoint just made available a Tax Fraud Threat Landscape report that covers the sharp increase in cybercriminal tax refund fraud schemes just as millions of Americans navigate tax season.
Flashpoint analysts have observed widespread discussions among fraud communities—especially on Telegram and Dark Web forums—about tactics to steal personally identifiable information (PII), file fraudulent returns, and cash out IRS refunds before the real taxpayer ever files.
Some of the most concerning trends include:
Telegram remains a major hub for fraud coordination, with thousands of posts sharing step-by-step “sauce” and tutorials. Screenshots of six-figure IRS refunds are common, many accompanied by sales pitches for methods to bypass verification letters and fraud detection systems.
Flashpoint analysts also highlight in the report emerging schemes involving romance scams, job ads, and phishing campaigns—many designed to coax ID.me credentials and IP PINs directly from victims.
You can read the report here: https://flashpoint.io/blog/four-steps-of-tax-refund-fraud/
Share this:
Like this:
Related
This entry was posted on April 17, 2025 at 9:00 am and is filed under Commentary with tags Flashpoint. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.