"Stolen Identity Refund Fraud" (SIRF)

 

Since it is Tax season, I figured I would add this to my blog read, I shamelessly clipped this from "MalwareBytes Lab"  Every 2 weeks I get a news info from my employer on the latest scams that are running today and I make an attempt to stay informed.  I am amazed on the creativity of the scammers.  I cut and pasted the article, I hope the entire article came through, it is very informative.  

Privacy, Threat Intel

Your tax forms sell for $20 on the dark web

by Malwarebytes Labs | March 19, 2026

Tax season is also peak season for identity theft. Criminals use stolen personal data to file fake tax returns and claim refunds before the real taxpayer does. Here’s how the fraud works, and how to protect yourself.

What is Stolen Identity Refund Fraud (SIRF)?

Stolen Identity Refund Fraud (SIRF) is a type of tax fraud where criminals steal someone’s personal information—such as a Social Security number and date of birth—and use it to file a fake tax return in that person’s name in order to claim a tax refund.

The fraudsters usually submit the false return early in the tax season before the real taxpayer files, so the refund is issued to them instead of the legitimate person.

The money is often sent to bank accounts, debit cards, or addresses controlled by the criminals. Victims usually discover the fraud only when their real tax return is rejected or when the tax authority, like the US Internal Revenue Service (IRS), reports that a refund has already been issued in their name.

How is it even possible? 

As Americans scramble to meet the annual tax filing deadline, a hidden ecosystem on the Dark Web kicks into overdrive, transforming tax season into a lucrative period of the year for international cybercriminals.  Shahak Shalev, Global Head of Scam and AI Research at Malwarebytes, said:

“People are expecting messages about taxes, refunds, and filings, which makes phishing emails and fake IRS alerts much easier to believe. At the same time, the personal data needed to commit tax fraud is shockingly cheap on the dark web. It’s no surprise scammers treat tax season like an annual opportunity.”

Behind the sudden influx of fraudulent refund claims lies a highly organized criminal supply chain deeply rooted in Russian-language underground forums. These specialized platforms act as the primary enablers of tax fraud.  

Rather than harvesting data from scratch, fraudsters can simply purchase massive datasets of stolen Personally Identifiable Information (PII), complete with ready-to-use W-2 and 1040 forms. For more sophisticated operations, Initial Access Brokers (IABs) auction off direct network access to compromised Certified Public Accountants (CPAs) and accounting firms.  

Beyond raw data and access, this underground economy provides a full suite of “fraud-as-a-service” tools—including on-demand services to forge supporting financial documents and dedicated instructional hubs featuring step-by-step tutorials. 

• A threat actor looking for partners for US tax refund fraud (based on data from accounting software)

• The threat actor is selling access to a CPA company with accounting software databases

• A threat actor looking for partners for US tax refund fraud

The black market of PII 

At the epicenter of this illicit commerce is one of the premier Russian-language underground forums, which serves as the definitive marketplace for fraudsters to buy and offload tax-related PII. The commoditization of this data is staggering in its efficiency, operating much like a traditional e-commerce platform.  

Our research team has captured several compelling samples of this trading activity, highlighting a clear pricing tier based on the freshness of the data and the target demographic. In one recently observed listing, a threat actor advertised a bulk package of 100 complete tax forms for $2,000—effectively pricing a fully documented stolen identity at just $20.  

• A threat actor offering US tax forms and W-2s for sale

• A threat actor offering discounted 1040 forms, PII, and bank data for sale 

Conversely, older data dumps from the 2024 tax year are heavily discounted to clear inventory; highly sensitive records specifically belonging to wealthy retirees and pensioners from that period are currently being traded for less than $4 per identity. 

Access for sale 

This staggering volume of tax-related data must originate from somewhere, and threat actors have identified the ultimate jackpot: US companies that handle tax preparation and accounting procedures.  

From an attacker’s perspective, it is infinitely more efficient to breach a dedicated business that serves as a centralized vault for this sensitive information than to cast a wide net trying to trick individual citizens into handing over their personal details. 

---

See if your personal data has been exposed.

SCAN NOW

---

Our research team recently intercepted a prime example of this strategy in action, identifying a Dark Web listing for compromised network access to a US-based tax service firm. The victimized organization is a small business; a typical target of criminals looking for easy access for exploitable information.

Exploiting these systemic weaknesses, the threat actor was able to quietly infiltrate the company’s internal infrastructure and is now auctioning off direct access to a database containing the complete, highly sensitive PII of over 1,600 clients. 

A threat actor auctioning off access to a database of PII of more than 1,600 customers

Additional data for sale 

Even when threat actors encounter roadblocks during the fraud process—such as a missing piece of PII or a highly specific financial document required for verification—the cybercrime underground offers a comprehensive suite of on-demand services to seamlessly solve these issues.  

Our research team has tracked a dedicated black market known as “Cypher – Fullz and Docs,” which specializes in selling complete, ready-to-use sets of stolen US identities (commonly referred to in the underground as “fullz”) for as little as $0.75 per set.  

• Advertising stolen data on the dark web

• Another ad for “fullz” – full identities

However, having the basic data is sometimes not enough to bypass required checks.

When additional paperwork is required to legitimize a fraudulent claim, threat actors simply turn to specialized forgery services like “Fakelab.” For a nominal fee ranging between $20 and $40, Fakelab operates as an illicit digital design studio, meticulously forging any tax-related document an attacker might need, from customized W-2s to realistic bank statement, ensuring the scam can proceed without a hitch. 

• Advert for documents, including medical and tax forms

• Price list for data

Tutorials and guidance 

The culmination of the tax fraud lifecycle—and often the most precarious phase for the attacker—is the cashout. To successfully finalize the scam and extract the stolen funds, fraudsters require a robust financial infrastructure, typically relying on compromised “drop” bank accounts and supplementary financial tools designed to launder the money and obscure their tracks.  

Unsurprisingly, the Dark Web ecosystem provides not just the tools but the detailed education necessary to execute this critical phase. Our research team identified a dedicated underground resource known as “Flava,” which serves as a centralized instructional hub. This platform is brimming with comprehensive, step-by-step tutorials specifically detailing how to orchestrate these complex cashout schemes targeting US citizens and residents. 

A Russian-language marketplace related to financial fraud techniques.

How to stay safe

Stolen Identity Refund Fraud is a reminder that identity theft doesn’t just lead fraudulent purchases. It can impact something as fundamental as filing your taxes.

Cybercriminals take advantage of underground marketplaces that sell stolen personal data, compromised business access, and tools designed to support fraud. It makes it easier for criminals to file fake tax returns quickly and at scale.

For taxpayers, the best defense is limiting the amount of personal data available to criminals, filing your taxes early, and paying attention to any warning signs that someone may be trying to use your identity.

Tax fraud often depends on criminals getting access to your personal information first. The less data they have, the harder it is for them to impersonate you. Here are some steps that can help reduce your risk:

• File your taxes early. Submitting your legitimate tax return early makes it much harder for criminals to file one in your name first.
• Protect your Social Security number. Avoid sharing your Social Security number unless it’s absolutely necessary.
• Watch out for phishing emails and texts. Scammers often pose as the IRS, banks, or tax services to trick people into revealing personal data.
• Use strong, unique passwords. If criminals gain access to your email or financial accounts, they may be able to collect the information needed to impersonate you.
• Monitor your accounts and credit reports. Unexpected tax notices, rejected returns, or unfamiliar financial activity can all be warning signs of identity theft.
• Consider an IRS Identity Protection PIN (IP PIN). An IP PIN adds an extra verification step when filing your tax return, helping prevent criminals from filing in your name.

---

Note: These dark web screenshots have been roughly translated from Russian. 

---

What do cybercriminals know about you?

Use Malwarebytes’ free Digital Footprint scan to see whether your personal information has been exposed online.

"From Masada to Marxism"

 

I couldn't understand it, but this article I had clipped off farcebook did explain it.  I couldn't understand why the American Jews were all in with the progressive party, thumbing their noses at their ancestral homeland and supporting policies that would see their people wiped off the face of the earth.  I keep hearing "We are Jews, Not Zionist"...I'm thinking..."That ain't gonna make a hill of beans to the islamist that want to kill all of yall off, to them there is no distinction.  To others that hate Israel, and are anti semitic  problem in the democratic party and in Western Europe, and I see what I call the "Bagel Jews" turning on their homeland and their faith trying to blend in thinking that they will be spared when in the end, they will not.So in their appeasement they support policies that are detrimental to their ancestral homeland and their faith.    I know a lot of American jews that are disgusted by what they see by these turncoats and it will cause a chasm here in America if it hasn't already happened.

     I clipped this from "Igal Hecht"

The contemporary political landscape has devolved into a theater of the absurd where Democrat-voting Jews and self-described "Progressive Liberals" have effectively morphed into a PR wing for the Mullahs of Iran. This phenomenon demonstrates a level of historical amnesia that borders on the suicidal, as this faction has traded the ancestral survival instincts forged at Masada for a terminal case of Severe TDS. In a different universe, these same individuals would likely be the ones cheering as the cattle cars pulled into the station; today, they are effectively building the gallows from which their enemies intend to hang them, siding with a regime that views their existence as a clerical error to be erased.

Since the Obama administration, the transformation has been absolute, resulting in the birth of a Left-wing Brown Shirt. These activists have traded the Tallit for the Keffiyeh, spewing Marxist drivel while advocating for a theocratic tyranny that would hang them from a crane in a heartbeat. It is a staggering display of cognitive dissonance to watch these individuals pivot from hoping for the capture of Americans by Iranian forces to actively rooting for the Mullahs to choke off global trade in the Strait of Hormuz. They are praying for a civilizational collapse just to maintain their sense of progressive virtue and subvert Western security.

Poisoned by the toxic intersection of Neo-Marxist dogma and the modern Democratic Party platform, these "Bagel Jews" have completely severed their connection to objective reality. They have abandoned 3,000 years of tradition for a radical ideology that is so fundamentally broken it can no longer define the basic biological reality of a woman, let alone identify who truly wants them dead. They aren't just "out of touch"; they are actively collaborating with the very forces that seek their total annihilation.

Ultimately, this is more than a political disagreement, it is a civilizational suicide pact driven by a total loss of common sense and moral clarity. These modern-day collaborators are handing the keys of the city to their own executioners, proving that when reality is traded for ideology, the first thing to go is the instinct for self-preservation. By siding with the Mullahs, they have lost all sense of actual fucking reality, trading their heritage for a seat at the table of those who wish to see it burned and them with it.

Monday Music "I can't drive 55" by Sammy Hagar

   I was normally going to run another 70's song today, but today is a different day.  

I have to go to court to fight a ticket I got from one of our overzealous  constables,  I had driven on some striped lines making a right turn and he pulled me over and wrote me a ticket.  I own that one, but he also wrote me another ticket for ignoring a traffic control device.  it is one usually used for people who blow stop signs or run red lights.   I own the first one.....but the 2nd one is as our British cousins say " Not Cricket". so I have the footage from my dash cam and hopefully I can have the judge see things my way.  

     I have been away from Germany since 1991 and I still can't drive the "dreaded double nickel".  I am pleased that they raised the speed limit to 70 on the interstate, I honestly believe that artificially low speed limits are a revenue generation device for the municipality that is running the police in that area. 

    I do have a funny story to go along with this logo,  I had this one on the back window of my 1991 F150 that I had.  it was the late 90's and I had a bad day at the Ford Plant and I was on my way home and I was in the left lane doing down I-75 and it was 2:00 in the morning and I saw this car right on my bumper, so I stomped the gas petal and took off.  A moment later the car was back and the blue lights came on.  I looked at the speedometer and the needle was bouncing off the peg, you know the one that was way past the 85 MPH on the speedometer and I thought "Oh Crap".  Well I turned my turn signal on and moved to the far right and onto the shoulder.  I looked at my side view mirror and saw 3 police cars.

   Yeah kinda like that....Well I turn the truck off and am thinking "I am soo going to jail..."   I was going double the speed limit.   My record was clean though.  Well I saw the police officer with his maglight briefly illuminate the back window of my truck.  He then came to the window and I handed him my drivers license and my insurance card.  He then asked me "Mr XXXXXX, do you know why I pulled you over..?"  I replied "Yes sir, probably speeding."   he chuckled and then asked me " Do you know how fast you were going?"  I replied in the negative "Sir, I don't think my speedometer went that high."   The police officer again chuckled "I tend to agree with you and by the way I do like your can't drive 55 sticker on your back window.....very appropriate..Now you want to tell me why you were going soo fast?".  I figured I would be totally honest, and if I am going to jail, it will be for the proper reason.  "Well Officer, I had a real bad day at work at the Ford Plant, and I just wanted to get home and pretend that today never happened."  The officer nodded, "truthful answer.Now wait in the truck and I will be back."  I cringed and slid lower in my seat and mentally playing the phone conversation with the spousal unit "Hey Honey...I am in jail for speeding, can you bail me out?".  A few minutes later I saw him coming back and I was thinking.."dang...here I am, fixing to go to jail...Will I have a record?   My insurance will skyrocket, and the spousal unit will be pissed."   The officer handed me back my license and commented" Do me a favor...don't speed until you get out of my county.  Have a nice morning..."    I was in a total state of shock....that was the last thing I was expecting.  Well I saw 3 cruisers turn off their lights and move back into traffic.  I waited a few more minutes then headed home.....and I didn't speed until I got out of the county.

    
"I Can't Drive 55" was the lead single and first track from Sammy Hagar's eighth studio album VOA in 1984. Perpetuated by a very successful music video, it became a concert staple that continued throughout Sammy's tours as a member of Van Halen. The song is a reference to the National Maximum Speed Law in the United States, that originally set speed limits at 55 miles per hour (89 km/h).
It is the 100th song on VH1's 100 Greatest Hard Rock Songs.

     

"I was in a rent-a-car that wouldn't go much faster than 55 miles an hour. I was on my way back from Africa. I did a safari for three months throughout Africa. A really great vacation after Three Lock Box. I was traveling for 24 hours, I got to New York City, changed planes, Albany, New York. Got in a rent-a-car. Had a place in Lake Placid at the time, a little log cabin, I used to go there and write with my little boy. Aaron, at that time, went to North Country school when I was on tour. I would go there and see him. It was a really cool getaway. But it took two and a half hours to drive there from Albany. And I was driving from Albany, New York at 2:00 in the morning, burnt from all the travel. Cop stopped me for doing 62 on a four lane road when there was no one else in sight. Then the guy gave me a ticket. I was doing 62. And he said, 'We give tickets around here for over-60.' and I said, 'I can't drive 55.' I grabbed a paper and a pen, and I swear the guy was writing the ticket and I was writing the lyrics. I got to Lake Placid, I had a guitar set-up there. And I wrote that song there on the spot. Burnt."

—Sammy Hagar, 1994

The song's music video was directed by Gil Bettman. The video was shot on location at the Saugus Speedway in Santa Clarita, California.
The song's video includes Sammy and his band being chased and jailed by the California Highway Patrol for traffic violations. The video shows Sammy driving a black Ferrari BB512i which is later tuned up by Sammy's mechanic, Claudio Zampolli. Claudio was driving the Ferrari during the video's opening shot, where the Ferrari fish-tails across the speedway. Sammy claims in the commentary for the video on the DVD, "The Long Road to Cabo" that he burned out his clutch during the video. Sammy drove a 512, but a 308 was also used. Sammy claims it cost him $5800 to fix.
A trial scene is presided over by a judge played in a cameo appearance by John Kalodner. The judge's props were borrowed from director Robert Zemeckis, who had filmed the movie, Used Cars. Sets were built and the video was shot during the summer. There was no air conditioning in the jailhouse set, so the cast and crew were hot.
The yellow jumpsuit worn by Sammy in the video, can be seen at the New Orleans Hard Rock Cafe. A stuntman was used for Sammy's stunts. An exploding ramp was used to throw Sammy across the courtroom.

     
The song has been a signature track for Hagar during and after his tenure with Van Halen, and is commonly used on TV programs and commercials related to automotive racing. Most recently, the song was featured in a NAPA Auto Parts commercial, where NASCAR drivers Michael Waltrip and teammate Dale Jarrett are asking Hagar to keep the noise down during a recording session; in response, Hagar asked Waltrip if he could drive faster. Waltrip's car number at the time of the 2007 commercial was #55 and he had failed to qualify for some races.
In 2001, NBC Sports had Hagar record a "corrected" version, now known as "I Can't Drive 65," reflecting the common 65 MPH speed limit on freeways, for use during Budweiser Pole Award presentations on Winston Cup Series broadcasts on NBC and TNT. It was used from 2001 to 2003 during the broadcasts.
The accelerated version of the song was also available as a download for NHL Rivals 2004.
In 2008, Hagar recorded a newer version of the song that was used in NASCAR Dirt to Daytona 2008 called I can't drive 195, reflecting to the speeds used on NASCAR's biggest tracks Daytona and Talladega.
In 2011, the song became the opening theme for ESPN's NASCAR coverage for the 2011 season.
"I can't drive 55" was an achievement and Easter egg found in Forza Motorsport 4 for owning a Ferrari GTO, the car used in the music video.
The song also played in the 1989 science fiction movie Back to the Future Part II.

"The M-1 Garand wasn't that great...."

 I saw this on farcebook and read the article and initially was going to hiss and boo the author, but as I read it, I realized that he was accurate.  I own several other battle rifles used by the combatants of WWII,   

                                                                 2 of my enfields and my 03A3

                                                  My Garand and my 03A3

                       I also have a couple of nagants

                       Carbine Mosin with the "Dog Collars" and Garand, I also have a mosin made in 1939, it is considered "pre war" because the fit and finish is really good.   I have fired the bolt action rifles and yes the garand gave our guys the edge in a fight. You can use it like a rifle and if necessary, fix bayonets and go steel to steel with the other guys.  more difficult with the modern rifles of today.

I clipped this from Scott Duff on farcebook as part of his CMP postings

The M1 Garand Wasn’t That Great… (Yeah, I Said It)

Let’s just get this out of the way:

The M1 Garand wasn’t that great.

Go ahead, pause, clutch your pearls, fire off an angry comment. I’ll wait.

Because if you’ve spent any time around collectors, shooters, or historians, you know that saying anything less than glowing about the Garand borders on heresy. It’s the sacred cow of American military rifles. The untouchable. The legend. 

And that’s exactly the problem.

We’ve spent so much time polishing the mythology that we’ve forgotten something important: the M1 Garand wasn’t perfect. Not even close.

It was heavy.  

It was long.  

It had that infamous en-bloc clip that pinged like a dinner bell.  

It wasn’t exactly what you’d call “modular.”  

And let’s be honest it wasn’t the easiest rifle to maintain in the mud, snow, and chaos of war.

By modern standards? It’s downright clunky.

So no, the M1 Garand wasn’t that great.

Now that I’ve got your attention, let’s talk about why that statement is both completely true and completely ridiculous.

Because here’s the reality:

The M1 Garand didn’t need to be perfect. It needed to be better than everything else on the battlefield at the time.

And it was.

While much of the world was still issuing bolt-action rifles, American soldiers were carrying a semi-automatic rifle as standard issue. That alone changed the equation. Faster follow-up shots. Greater firepower per soldier. A tangible advantage in real combat not just on paper.

The Garand wasn’t just a rifle. It was a force multiplier.

General George S. Patton didn’t call it “the greatest battle implement ever devised” because it looked pretty in a display case. He said it because it worked again and again, under conditions that would expose any weakness.

Sure, it had quirks. Every great tool does.

But those quirks came wrapped in rugged reliability, practical accuracy, and a design that could be mass-produced and trusted by millions of soldiers who depended on it.

And that’s the part we sometimes overlook.

The M1 Garand wasn’t great because it was flawless.

It was great because it was effective.

It was great because it gave ordinary Americans: farm kids, factory workers, clerks - a rifle that could stand toe-to-toe with anything they faced.

It was great because it helped win a war.

So yeah… the M1 Garand wasn’t that great.

It was something better. It was one of the greatest rifles of all time.

And if that stirs the pot a little? Good 

Because maybe it reminds us to appreciate these rifles not as untouchable icons but as hard-used tools that earned their place in history the only way that matters:

By proving it when it counted.