Research | Our Q3 report details what's new in the world of ransomware.
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
Threat Advisories
The latest threat research report from ReliaQuest Threat Research research team.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
November 30, 2023
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
It’s the most wonderful time of the year! Tax season again. In a decision to assist US taxpayers navigating the ongoing COVID-19 pandemic, the IRS and Treasury Department postponed the April 15 tax filing deadline to May 17. The UK reached a similar conclusion, giving UK taxpayers an additional month to send in their tax returns, changing the deadline from January 31 to February 28, 2021. Despite the changes, you don’t need me to tell you to get your house in order and submit your returns in good time and through the correct channels. Cyber threat actors are again placing a high priority on using the tax season as a conduit for phishing campaigns, unemployment fraud, and other social engineering scams that are typically prevalent at this time of the year.
The COVID-19 pandemic has also resulted in a significant economic fallout across the globe; unemployment levels have spiked dramatically, causing an increase in the number of fraudulent unemployment requests made by criminal actors. The spike in claims has coincided with the more typical tax fraud observed in the lead-up to the tax return deadlines. In late September and early October, the demonstrable spike shown on the graphic above likely represents an interest from threat actors targeting the October 15th tax extension deadline. In this blog, we will dive into the types of tax and unemployment fraud observed in 2021.
A frequent item that Digital Shadows (now ReliaQuest) identified on criminal markets was the W-2 Internal Revenue Service tax form, used in the United States to report wages paid to employees and the taxes withheld from them. Targeting W-2 forms has been previously identified as a common tactic for cybercriminal actors, who can quickly monetize the information contained within each form and sell it to third parties for identity and related financial fraud. In the image below, an actor requests bulk loads of stolen 2019 1040 IRS tax forms and 2020 W-2 forms, with the actor willing to pay between $10-35 for each form. This post appeared in a high-profile Russian cybercriminal forum on 20 Jan 2021.
Other recent posts on Exploit highlight how and why these types of data can so quickly be monetized, with actors offering their services in identifying and advertising stolen data as well as manipulating the data to permit various scams. On 9 Mar 21, an actor announced their services with a post titled “scanlab.cc document rendering service”. Services like scanlab provide actors with the ability to create various forged documents, using scanned copies of credit cards, passports, driver’s licenses, utility bills, birth/death/marriage certificates, and diplomas.
This assists other actors in verifying data and proving income. Answering identification and proof of income-related queries is a common hurdle actors will have to cross when making fraudulent claims, like unemployment and other financial scams.
Unemployment benefits fraud involves criminal actors filing fraudulent benefit claims from the government, hoping to receive regular monetary payments. This scheme typically uses stolen details of real people or creates fake identities to claim cashback from government programs. These claims require a name, social security number or national insurance number, employment dates, proof of income from previous employment, and a job title. Digital Shadows (now ReliaQuest) have previously highlighted the risk from this type of fraud on our blog covering the COVID-19 threat landscape.
The scam is conducted due to background checks being insufficient and anticipating that employers approve the government’s unemployment notifications without checking the details are correct. Overwhelmed by hundreds of thousands of new claims, state and regional unemployment agencies don’t have the time to verify the claims’ accuracy properly.
Once approved, criminal actors divert the funds by picking up the payment card from the mailbox, with the victim unaware of what has happened. Reporting in October 2020 identified that the number of victims reporting this activity has risen to 150% in some US states when compared to 2019. The ability to file claims virtually during the pandemic has enabled threat actors from any location to file unemployment claims. This activity has been observed throughout the entirety of the US and is depicted by the figure below.
One trend Digital Shadows (now ReliaQuest) observed in the past year was unemployment claims being targeted against executives; corporate executives are a promising target for scammers seeking to siphon billions of dollars in unemployment payments. One reason for the prevalence of these scams is due to the troves of personal information on executives that is easily identifiable in the public domain.
Corporate websites often contain sensitive information on executives, facilitating further social engineering scams to reveal an insurance number or social security number. There is also a secondary impact to the executives’ business, with the affiliation to their brand causing reputational risk. Digital Shadows (now ReliaQuest) can assist in identifying and remediating exposures on individuals’ digital footprint through bespoke reporting.
The various types of tax and benefit-related fraud highlight the ease in which threat actors can quickly monetize and exploit stolen personal and financial information. This trend will almost certainly continue to factor heavily on the threat landscape for 2021, with the COVID-19 pandemic providing actors with ample opportunity to commit fraud. Detection of these issues currently appears to be insufficient, and as a result, will likely incentivize additional actors to make similar claims.
Basic cyber hygiene can assist in lowering the risk from many tax-related scams targeting individuals. Taxpayers should remain vigilant for phishing and other social engineering scams that leverage tax deadlines as a hook—these often impersonate the IRS (In the United States) or HMRC (in the United Kingdom). These scams typically use timeliness or fear to coerce recipients to interact with links or input details and can often be identified through errors within the email; incorrect branding within such emails, spelling mistakes, and other minute details can indicate an illegitimate request. If something doesn’t seem right, it usually isn’t.
A robust approach to password management can also lower the possibility of identity theft and fraud. Users should use solid and single-use passwords, avoiding using corporate email addresses to sign up for personal websites, and use a password manager to assist in auditing password usage. If you think you or your company has been targeted by tax-related fraud, US citizens can report using steps identified by the IRS on the following website. In the UK, taxpayers can use the following service from the HRMC.
For protecting your organization against phishing scams, executive impersonation, or data exposure across the open, deep, and dark web, you can refer to our blog, The Complete Guide to Online Brand Protection. Ready to take proactive action on such scams and potential data loss? Get a free demo of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) here.