August 20, 2015

Authorities across the United States this week arrested dozens of gang members who stand accused of making millions of dollars stealing consumer identities in order to file fraudulent tax refund requests with the Internal Revenue Service (IRS). The arrests highlight the dramatic shift in gang activity in recent years from high-risk drug dealing to identity fraud — a far less risky yet equally lucrative crime.

cashgrafAccording to a story last week at CBS in Los Angeles, some 32 members of the so-called Insane Crip gang and their associates were charged with 283 counts of criminal conspiracy, 299 counts of identity theft, 226 counts of grand theft and 58 counts of attempted theft. Together, they are accused of operating a $14.3 million identity theft and tax fraud scheme.

In Elizabeth, N.J., 14 members of a street gang were arrested in a 49-count indictment charging the defendants with a range of “white-collar crimes,” including filing false tax returns and manufacturing fake gift cards to collect thousands of dollars. According to, the money from the scams was used to support members of the 111 Neighborhood Crips and to aid other gang members who were in jail or prison.

“All 14 defendants face charges under New Jersey’s Racketeer Influenced and Corrupt Organizations (RICO) statute,” NJ’s Tom Haydon writes. “Defendants allegedly bought stolen identities of real people for use in the preparation of fraudulent W-2 forms. Those forms were used for fraudulent income tax returns filed early in the tax season.”

Tax return fraud costs consumers and the U.S. Treasury more than $6 billion annually, according the U.S. Government Accountability Office. And that number is by all accounts conservative. It should not be a surprise that street gangs are fast becoming the foot soldiers of cybercrime, which very often requires small armies of highly mobile individuals who can fan out across cities to cash out stolen credit cards and cash in on hijacked identities.

Tax fraud has become such an ingrained part of the modern gang culture that there is a growing set list of anthems to the crime — a type of rap music that evokes the Narcocorrido ballads of the Mexican drug cartels in that it glorifies making money from identity theft, credit card fraud and tax return fraud.


A key component of cashing out tax return fraud involves recruiting unwitting or willing accomplices to receive the fraudulent refunds. Earlier this year, I wrote about Isha Sesay, a Pennsylvania woman who was arrested for receiving phony IRS refunds on behalf of at least two tax fraud victims — including Mike Kasper, the guy who helped expose the IRS’s pervasive authentication weaknesses and later testified to Congress about his ordeal.

Turns out, the sorts of gang members arrested in the above-mentioned crime sweeps have a different nickname for people like Ms. Sesay: Instead of money mules, they’re derisively known as “drop hoes.” In cybercriminal parlance, a “drop” is a person who can be recruited to help forward stolen funds or merchandise on to the criminals, providing a pivotal buffer against the cops for the thieves.

In this Youtube video (not safe for work), a self-styled rapper calling himself “J-Creek” opines about not being able to find enough drop hoes to help him cash out $40,000 in phony tax refund deposits to prepaid debit cards. It’s been a while since I’ve listened to pop music (let alone rap) but I think this work speaks for itself (if rather lewdly).

The artists allegedly responsible for the tax fraud paean, "Drop Hoes."

The artists allegedly responsible for the tax fraud paean, “Drop Hoes.”

Here are a few choice quotes from the song (I cut out much of it, and someone please correct me if I somehow butchered the lyrics here). I think my all-time favorite line is the one about the role of Intuit’s TurboTax: “She got them stacks then went tax on the turbo.”

Without further ado:

“Tax season again
I need a drop hoe bitch
I wanna be your boyfriend”


“I wanna drop hoe
I mean a drop hoe
That’s waitin’ on the debit card to hit the box hoe”

“Shorty gotta a whole crib and a new range
Said her home girl came with a few names
Told me all a nigga need is a laptop
And she gonna show me what to do to make a tax drop”

“Got a check for forty grand she goin’ buy a hummer
Ball hard got it all from playin’ with numbers
Told her when she break me off I’ma buy a crib
And take it straight to the kit to teach her how to whip”

“I ain’t tryna be on trial resident of the state
You think I’m probably going down federal pen
Scared of money stay broke nigga fuck you
And I’ma steal your information on the dub too [W-2]”

“Bitch gimme nuff to fly stay sky high
Man I own a mother fucker on the Wi-Fi
Momma let that money flow cause she got mo
Hey fuck a dime piece bro I want a drop hoe”


“Shorty got big bank with four cars
Say she need an address she got more cards
Wanna be hood rich honey I’ma show you
Told me get a date of birth don’t forget the Social”

“Oh that’s all I gotta do you can bet that
Meet me at the Amscot I need a check cashed
Tryna’ find a drop hoe it ain’t hard
You can look for new rims and a paint job”

“Keep her hair done nails done nice clothes
Curly two strain twists on a micro
More money than you can spend but she get it in
Say she got a boyfriend but he in the pen”

“Thats everybody’s bitch Im’a bite though
I’m the type a nigga give you what you ask fo
Told that bitch I’m comin home like a furlough
She got them stacks then went tax on the turbo”

This is the latest in a series of stories I’ve been writing over the past few years about the growing menace of tax refund fraud. For more in this series, see this link.

By far, my favorite tax return fraudster is Lance Ealy, an Ohio scam artist who went on the lam after being convicted for tax refund fraud, and proceeded to lead U.S. Marshals on a multi-state chase — all the while continuing to file phony tax refund requests in the names of people already in jail (individuals that Ealy compensated by topping up their prison commissary funds).

90 thoughts on “Street Gangs, Tax Fraud and ‘Drop Hoes’

  1. Kruggles

    “J-Creek Feat”

    Feat as in featuring. The guy is just J-Creek.

    1. fatmaninthebathtub

      “J-Creek Feat” is not a paean to “Little Feat?”

      Bummer. That hoedone music would have been some kind of fusion! 🙁

  2. Mike

    The thing that still shocks me is how much time and resources the FBI puts into bank robberies and how severe the penalties are for it, meanwhile 200 times as much money is lost to stolen ID tax refund fraud but so few people are even investigated for committing it and then if they are caught, get months for stealing millions.

    1. Todd

      Problem is that alot of FEDs like kicking doors, and shy away from the white collar crime.

      1. ODA155

        No… the real problem is that the FED budget is too small to do what they need to do and it only gets smaller.

    2. Scarboni

      Comparing bank robberies to online fraud through dollars stolen only is disengenuous. Bank robberies are often violent crimes as well whereas online fraud are most often not.

      1. Mike

        Why don’t you tell that to someone whose identity has been stolen? Most bank robbers don’t even use guns any more, just a note demanding cash covered by the FDIC.

  3. Dylan

    Haha thanks for another great article, Brian. I never imagined rap would be about tax fraud and cybercime…

        1. BrianKrebs Post author

          I used to have that, and it really helped to elevate the best comments and drown out the crappy ones, but the guy who wrote the plugin stopped developing it. Was a shame we had to remove it; the plugin had multiple security vulnerabilities that needed addressing.

          1. Lady Skazka

            What’s a few security vulnerabilities between friends? 😉

    1. Bob

      Long-handled implements having a thin, flat blade usually set transversely, used to break up the surface of the ground, destroy weeds, etc.

  4. Delilah Perez

    “Shorty got big bank with four cars.” Old Blue Eyes just turned over in his grave.

  5. BrianKrebs Post author

    Okay, so I think we need a name for this type of….ahem…music. The drug dealers in Mexico have narcocorridos. So what is this? Taxrap? Turbotaxidos?

    It’s clear I’m going to have to sponsor a contest.

    1. Mike

      Drop Music

      Drop is the slang that is used in Florida and apparently online as well with this kind of fraud so even if the term is not widely used outside those groups it seems like it fits since those are sort of the epicenters for this kind of crime and the slang will probably spread as the crime spreads, especially now that the IRS limits deposits to three per account or debit card so you need more drops.

    2. Mahhn

      how about Criminal Rap, or C-rap for short 😛 Crap.

    3. Allan Miller

      So, you are looking for a taxonomy, of sorts?

  6. jfletch

    The IRS called today and said they were going to sue me and arrest me and take away my drivers license and take my first-born child (I told them they can HAVE her) and call me all sorts of unpleasant names. Funny thing: when did the IRS start hiring people who speak with heavy Southeast Asian accents? I never knew. But they made all my problems go away with just a credit card number. Now THAT’S putting the SERVICE back in Internal Revenue Service! Yippee!

  7. Jonathan E. Jaffe

    Lance Ealy takes the 2014 prize for Chutzpah a Yiddish word for a person having the quality of audacity, for good or for bad. Filing more fake refunds while on the run from the US Marshal Service might be the modern definition of a very old word.

    Gangsta Rap may (I repeat may) take the prize for the closest to not-quite-music ever. Focusing on illegal activity, US G-R is a subgenre related to other gang and crime-oriented music forms. It is criticized by many sides and supported by others. See Northern Mexico’s contribution is the narcocorrido (drug ballad), genre.

    I wonder what Beethoven thought when, in 1956, Chuck Berry (perhaps the original rocker) told him to Roll Over? Probably very little, aside from being dead by then, ole Ludwig was reportedly quite hard of hearing. Enjoyment is in the ear of the beholder and I’m sure any one’s preferences are abhorred by some others. Still, Baroque, then Classical music was created starting about 1600, making it over 400 years old, yet we listen to it today. What will we listen to in 2415? Probably very little, as we’ll all be gone.

    Insomnia is making me maudlin so I close with something completely suitable for work and should bring a smile to your face (2m 26s)

    The subject was a British chieftain of the Catuvellauni tribe, who led the British resistance to the Roman conquest.

  8. IT Security Dude

    Ya know, these kids have what it takes to become security professionals and make a good living without risking prison.

    I wish I had the balls to recruit them, as I have found that if people are given the opportunity, they usually choose a straighter path.

    1. You're Kidding

      I fail to see how you can come to the conclusion that this group of people have what it takes to be security professionals.

      I’ll go out on a limb and say 99+% of this group of people obtain SSN by buying them off of a site and then file a fraudulent return. I doubt almost any of them are hacking sites to get the data necessary to do this.

      Maybe TurboFraud shouldn’t have made it so easy that a grade school kid could do it before this year. Nothing like trying to grow the bottom line at taxpayers expense.

      1. r

        I have to agree, these are not the type of people you want in IT||IS dude.

        @itdude – No offense Mr. ‘IT Security[sic] dude’ but if you’re that desperate for workers I’m available as winter is coming and Brian technically has my email address. 😛

        I could use a nice work from home/rlogin gig for a change.

    2. Lady Skazka

      Being able to follow a very simple set of instructions, and creating a new tax fraud method are two very different things.
      It’s like being good at Call of Duty, and then thinking that makes you some special ops super solder.

  9. pogue

    I think it’s worth asking why young black men are committing fraud like this. I’m sure some of it is the greed of easy money, but is there a social factor?

    Another song by dead prez, who describe a “how to” method of credit card fraud in another song, I think sums it up pretty well.

    Dead Prez – W4

    1. Delilah Perez

      I think if big tech companies like Microsoft scoped out potential talent and started recruiting smart kids for future careers in tech, starting in middle school, we wouldn’t need an HB-1 Visa program to bring in talented foreigners to fill high-tech jobs. If tech companies scouted the inner city for talent the same way football coaches do, there would be a different end to the life story of people like the ones involved in this news story.

      1. Mike

        Ah you were talking about both songs, anyway Hell Yeah is the other one.

    2. Chuck S


      Although this article specifically mentions blacks, it was be unfair to suggest blacks are the only ones committing these crimes. So instead of asking “why young black men are committing fraud like this?” lets ask why is anyone, men or women , committing fraud like this.

        1. I'm sorry Miss Jackson

          The two gangs mentioned are Crips gangs which are historically black gangs so you could infer a lot of young black guys are involved. That said, maybe gangs these days are less divided along racial lines, but I kind of doubt it.

    3. ODA155

      Probably for the same reasons that young and old white men and women do it…. $$$$$. Please don’t go there.

  10. Nitpicking

    I like listening to rap a lot, I need to find a name for this sub-genre. I knew the cartels dabbled in it, but I had no idea American street gangs did this.

    Also, lyric correction; it would be “shawty” (slang for a “fine ass woman”).

    Good article.

  11. Mickey Avalon

    I notice a lot of these songs are from 4 years ago. Which is funny and sad that we’re playing a bit of catch up. Also kind of obvious how straightforward and low tech this kind of crime has become when the people used to grinding it out on some street corner do this.

  12. George G

    If the option of getting the refunds via prepaid debit cards did not exist this problem would be reduced significantly.

    1. -stephen

      And to determine WHY the “refund to debit card” mechanism persists, find out who gets the fees for their issuance and use.

      1. Bob

        They exist because many of the people who get the Earned Income Tax Credit can’t get checking accounts and the fees from check cashing services are as high or higher than the debit card fees.

        1. r

          That’s oversimplified, and an excuse – I have been with many banks over the years ands too open a checking account at must banks requires only 5 bucks. I think more appropriately this option exists for the people who want INSTANT access to their money.

          1. Timmy

            There’s a lot of reasons why people don’t have a bank account other than not having $5. I’ve been very low income and thus interacted with a lot of my low income peers and I can tell you many of these people do not use banks because they do not trust banks. They do not trust the financial system nor feel comfortable having someone else tend for their money. Many are immigrants that have lived through a banking crisis in their home country (or have family who have). In the same vein many lack financial literacy to navigate and understand the banking system. If you are low income you can be hit by fees you don’t understand pretty easily. Banks may steer them towards accounts that have minimum balance requirements or other requirements they are unable to meet and they don’t have enough resources to shop around. They may be legal immigrants that lack their documents of legal alien status. You have to have a lot of documents to open a bank account. You can also get blacklisted by the banking industry by the ChexSystem. There may also not be any branches of banks in their area so convenience is also a big factor.

  13. B_Brodie

    rock is dead, failed to keep up with the times….

  14. NotMe

    True evolution as white collar crime gets all up in there.
    At least no firearms are required to commit the crime.

    An improvement for everyone.

    And they just print more money, right?

  15. Jay Beckerman

    Hi Brian,
    On another subject, have you studied the CNet downware vulnerability problem which HowToGeek has written about? And CNet isn’t alone as a source or conduit. I haven’t seen this publicized elsewhere.
    I wrote to CNet (used their query page) asking if they are aware of this. I wonder what response, if any, they will have.

    CNet inquiry re download malware
    Some users are reporting ad malware coming from or through CNet. Are you aware of this? Is it with your consent? Are you warning users of this concern? Is it to your company’s financial benefit to allow or promote this? Do you care?

    Got this immediate acknowledgment of the submission:
    Submit a Question
    Case #01473420 has been created. A customer service representative will contact you shortly.

    This is the HowToGeek text (from the linked site): and Others Bundle Superfish-Style HTTPS Breaking Adware

    It’s a scary time to be a Windows user. Lenovo was bundling HTTPS-hijacking Superfish adware, Comodo ships with an even worse security hole called PrivDog, and dozens of other apps like LavaSoft are doing the same. It’s really bad, but if you want your encrypted web sessions to be hijacked just head to CNET Downloads or any freeware site, because they are all bundling HTTPS-breaking adware now.
    Here’s What Happens When You Install the Top 10 Apps
    We installed the top 10 apps from, and you’ll never believe what happened! Well… I guess maybe you might have… [Read Article]

    The Superfish fiasco began when researchers noticed that Superfish, bundled on Lenovo computers, was installing a fake root certificate into Windows that essentially hijacks all HTTPS browsing so that the certificates always look valid even if they aren’t, and they did it in such an insecure way that any script kiddie hacker could accomplish the same thing.

    And then they are installing a proxy into your browser and forcing all of your browsing through it so they can insert ads. That’s right, even when you connect to your bank, or health insurance site, or anywhere that should be secure. And you would never know, because they broke Windows encryption to show you ads.

    But the sad, sad fact is that they aren’t the only ones doing this — adware like Wajam, Geniusbox, Content Explorer, and others are all doing the exact same thing, installing their own certificates and forcing all your browsing (including HTTPS encrypted browsing sessions) to go through their proxy server. And you can get infected with this nonsense just by installing two of the top 10 apps on CNET Downloads.

    The bottom line is that you can no longer trust that green lock icon in your browser’s address bar. And that’s a scary, scary thing.
    How HTTPS-Hijacking Adware Works, and Why It’s So Bad

    Ummm, I’m gonna need you to go ahead and close that tab. Mmkay?

    As we’ve shown before, if you make the huge gigantic mistake of trusting CNET Downloads, you could already be infected with this type of adware. Two of the top ten downloads on CNET (KMPlayer and YTD) are bundling two different types of HTTPS-hijacking adware, and in our research we found that most other freeware sites are doing the same thing.

    Note: the installers are so tricky and convoluted that we aren’t sure who is technically doing the “bundling,” but CNET is promoting these apps on their home page, so it’s really a matter of semantics. If you’re recommending that people download something that is bad, you are equally at fault. We’ve also found that many of these adware companies are secretly the same people using different company names.

    Based on the download numbers from the top 10 list on CNET Downloads alone, a million people are infected every month with adware that is hijacking their encrypted web sessions to their bank, or email, or anything that should be secure.

    If you made the mistake of installing KMPlayer, and you manage to ignore all of the other crapware, you’ll be presented with this window. And if you accidentally click Accept (or hit the wrong key) your system will be pwned.

    Download sites should be ashamed of themselves.

    If you ended up downloading something from an even more sketchy source, like the download ads in your favorite search engine, you’ll see a whole list of stuff that isn’t good. And now we know that many of them are going to completely break HTTPS certificate validation, leaving you completely vulnerable.

    Lavasoft Web Companion also breaks HTTPS encryption, but this bundler installed adware too.

    Once you get yourself infected with any one of these things, the first thing that happens is that it sets your system proxy to run through a local proxy that it installs on your computer. Pay special attention to the “Secure” item below. In this case it was from Wajam Internet “Enhancer,” but it could be Superfish or Geniusbox or any of the others that we’ve found, they all work the same way.

    It’s ironic that Lenovo used the word “enhance” to describe Superfish.

    When you go to a site that should be secure, you’ll see the green lock icon and everything will look perfectly normal. You can even click on the lock to see the details, and it will appear that everything is fine. You’re using a secure connection, and even Google Chrome will report that you are connected to Google with a secure connection. But you aren’t!

    System Alerts LLC is not a real root certificate and you are actually going through a Man-in-the-Middle proxy that is inserting ads into pages (and who knows what else). You should just email them all your passwords, it would be easier.

    System Alert: Your system has been compromised.

    Once the adware is installed and proxying all of your traffic, you’ll start to see really obnoxious ads all over the place. These ads display on secure sites, like Google, replacing the actual Google ads, or they show up as popups all over the place, taking over every site.

    I’d like my Google without malware links, thanks.

    Most of this adware shows “ad” links to outright malware. So while the adware itself might be a legal nuisance, they enable some really, really bad stuff.

    They accomplish this by installing their fake root certificates into the Windows certificate store and then proxying the secure connections while signing them with their fake certificate.

    If you look in the Windows Certificates panel, you can see all sorts of completely valid certificates… but if your PC has some type of adware installed, you’re going to see fake things like System Alerts, LLC, or Superfish, Wajam, or dozens of other fakes.

    Is that from Umbrella corporation?

    Even if you’ve been infected and then removed the badware, the certificates might still be there, making you vulnerable to other hackers that might have extracted the private keys. Many of the adware installers don’t remove the certificates when you uninstall them.
    They’re All Man-in-the-Middle Attacks and Here’s How They Work

    This is from a real live attack by the awesome security researcher Rob Graham

    If your PC has fake root certificates installed in the certificate store, you are now vulnerable to Man-in-the-Middle attacks. What this means is if you connect to a public hotspot, or somebody gets access to your network, or manages to hack something upstream from you, they can replace legitimate sites with fake sites. This might sound far-fetched, but hackers have been able to use DNS hijacks on some of the biggest sites on the web to hijack users to a fake site.

    Once you are hijacked, they can read every single thing that you submit to a private site — passwords, private information, health information, emails, social security numbers, banking information, etc. And you’ll never know because your browser will tell you that your connection is secure.

    This works because public key encryption requires both a public key and a private key. The public keys are installed in the certificate store, and the private key should be only known by the website you are visiting. But when attackers can hijack your root certificate and hold both the public and private keys, they can do anything they want.

    In the case of Superfish, they used the same private key on every computer that has Superfish installed, and within a few hours, security researchers were able to extract the private keys and create websites to test whether you are vulnerable, and prove that you could be hijacked. For Wajam and Geniusbox, the keys are different, but Content Explorer and some other adware also uses the same keys everywhere, which means this problem is not unique to Superfish.
    It Gets Worse: Most of This Crap Disables HTTPS Validation Entirely

    Just yesterday, security researchers discovered an even bigger problem: All of these HTTPS proxies disable all validation while making it look like everything is just fine.

    That means that you can go to an HTTPS website that has a completely invalid certificate, and this adware will tell you that the site is just fine. We tested the adware that we mentioned earlier and they are all disabling HTTPS validation entirely, so it doesn’t matter if the private keys are unique or not. Shockingly bad!

    All of this adware completely breaks certificate checking.

    Anybody with adware installed is vulnerable to all sorts of attacks, and in many cases continue to be vulnerable even when the adware is removed.

    You can check if you are vulnerable to Superfish, Komodia, or invalid certificate checking using the test site created by security researchers, but as we’ve demonstrated already, there is a lot more adware out there doing the same thing, and from our research, things are going to continue to get worse.
    Protect Yourself: Check the Certificates Panel and Delete Bad Entries

    If you are worried, you should check your certificate store to make sure that you don’t have any sketchy certificates installed that could later be activated by somebody’s proxy server. This can be a little complicated, because there’s a lot of stuff in there, and most of it is supposed to be there. We also don’t have a good list of what should and should not be there.

    Use WIN + R to pull up the Run dialog, and then type “mmc” to pull up a Microsoft Management Console window. Then use File -> Add/Remove Snap-ins and select Certificates from the list on the left, and then add it to the right side. Make sure to select Computer account on the next dialog, and then click through the rest.

    You’ll want to go to Trusted Root Certification Authorities and look for really sketchy entries like any of these (or anything similar to these)

    Rocket Tab
    Super Fish
    DO_NOT_TRUSTFiddler_root (Fiddler is a legitimate developer tool but malware has hijacked their cert)
    System Alerts, LLC

    Right-click and Delete any of those entries that you find. If you saw something incorrect when you tested Google in your browser, make sure to delete that one too. Just be careful, because if you delete the wrong things here, you’re going to break Windows.

    We’re hoping that Microsoft releases something to check your root certificates and make sure that only good ones are there. Theoretically you could use this list from Microsoft of the certificates required by Windows, and then update to the latest root certificates, but that’s completely untested at this point, and we really don’t recommend it until somebody tests this out.

    Next, you’re going to need to open your web browser and find the certificates that are probably cached there. For Google Chrome, go to Settings, Advanced Settings, and then Manage certificates. Under Personal, you can easily click the Remove button on any bad certificates…

    But when you go to Trusted Root Certification Authorities, you’re going to have to click Advanced and then uncheck everything that you see to stop giving permissions to that certificate…

    But that’s insanity.
    Stop Trying to Clean Your Infected Computer! Just Nuke it and Reinstall Windows
    Some people spend hours — maybe even days — trying to clean an infected Windows system and ensuring it’s actually… [Read Article]

    Go to the bottom of the Advanced Settings window and click on Reset settings to completely reset Chrome to defaults. Do the same for whatever other browser you are using, or completely uninstall, wiping all settings, and then install it again.

    If your computer has been affected, you’re probably better off doing a completely clean install of Windows. Just make sure to backup your documents and pictures and all of that.
    So How Do You Protect Yourself?

    It’s nearly impossible to completely protect yourself, but here are a few common-sense guidelines to help you out:

    Check the Superfish / Komodia / Certification validation test site.
    Enable Click-To-Play for plugins in your browser, which will help protect you from all of those zero-day Flash and other plugin security holes there are.
    Be really careful what you download and try to use Ninite when you absolutely must.
    Pay attention to what you are clicking any time you click.
    Consider using Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) or Malwarebytes Anti-Exploit to protect your browser and other critical applications from security holes and zero-day attacks.
    Make sure all of your software, plugins, and anti-virus stays updated, and that includes Windows Updates as well.

    But that’s an awful lot of work for just wanting to browse the web without being hijacked. It’s like dealing with the TSA.

    The Windows ecosystem is a cavalcade of crapware. And now the fundamental security of the Internet is broken for Windows users. Microsoft needs to fix this.

    Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on Google+ if you’d like.

    Published 02/23/15

    1. Mahhn

      you are a little late, but yeah Cnet/ was bought up by hackers years ago and they repack everything including drivers with malware. I had to kill my sys builder for getting drivers from there last year. After he re-spawned I made sure he only goes to Mfg sites for files.

  16. Throwaway

    Brian, this type of music has been around for a while. Here’s an example from Waka Flocka Flame (a main stream artist!) talking about committing tax fraud:

    The song is self is called “Tax Money”. Some sample lyrics:

    “I’m juggin’ with this tax money / ten bands swipe / twenty bands swipe / thirty bands swipe” (bands is $1000, and swipe is a reference to swiping a credit card)

    “I’m juggin’ with this tax money / new car swipe / new house swipe / new ice swipe” (ice is jewelry)

    “White collar crimes, all I see is dollar signs / I’m gettin’ money on my grind, bitch I’m in my prime / If I get caught sit back and do the time / These charges really don’t hold no weight” (weight in this case is a reference to how long you’d be in prison)

    That’s just from the first verse. There’s many other trap style rap artists out of Atlanta with similar type lyrics in their songs. Could be a good investigation Brian.

    1. Tircuit

      Nice info, thanks.

      And of course many cultures and music styles have songs glorifying bandits and crime somewhere . . . nothing new in that respect.

      But, yes people . . . shred your bills and mail before you recycle. In San Francisco we have recyclers going for cans and thers going for the “paper”.

  17. butter


    Have you put any thoughts into creating a mailing list or discussion forums for your site?

    I think it would be great to develop a community here beyond the blog.

    1. BrianKrebs Post author

      Interesting idea, but how would it be more than just a slightly more organized comments section?

  18. atombath

    Hey IRS,
    If thugs at this level are outsmarting you, you have to know you are doing a terrible job, right?

  19. Dylon

    Name for the style of music should be “Booty Drop” as in stolen goods booty!

  20. CooloutAC

    So is there a way to check if someone filed taxes in your name, without knowing the exact refund amount requested??

  21. Tircuit

    Way to go brothers and sisters! Glad to see we’re getting a piece of the action. Too bad we couldn’t make out like hedge fund managers and credit default swap swindlers, but this is something.

    There really isn’t much of a reason for poor people not to do this. Our system is corrupt with straight criminals making millions lose their retirement, their homes, and their lives.

    But remember that white collar crime usually gives you a light sentence, but that doesn’t go for the poor or people of color – – don’t be fooled.

    1. davidgoldman

      Your statement dumb in the extreme. There is a difference between investment bankers creating creating complex financial instruments that most don’t understand, unfortunately creating a crisis. There is a difference between civil liability and outright stealing from people without working. It’s unfortunate that people like you condone such behavior.

      1. KFritz

        Nice categorical assertions. Please to back up with logical argument or look like sophistical PR flack. (Just watched first Charlie Chan movie in maybe 50 years!)

        Here’s a logical argument. All the listed activities acquire wealth with no perceivable productive activity, at the expense of mostly productive victims. This means that the only differences are complexity and sophistication.

        Readers who believe that hedge funds and private equity are productive or ethical are advised to read regularly.

      2. Elfdring

        No his comment is exactly spot-on. It’s the Goldmans of the world who defend bankers and white color criminals whom humanity must defend itself.

  22. Jack

    All the more reason to adjust your W4 tax exemptions (if you can) so that your IRS “account” is zero or negative. I modified mine so that I owe the IRS a small sum vs. the IRS owing me a big refund. That way, I have nothing to loose if they go after my refund. In fact, joke is on them, and they are welcome to pay what I owe if they want.

  23. batman


    “Interesting idea, but how would it be more than just a slightly more organized comments section?”

    Try it and see!

    An example:

    The Tor Project’s blog often receives comments touching on all sorts of issues in one long depressed page. Many people have cried out for an official Tor forum, but it has never happened. They do have mailing lists, but those are usually for the 1% these days. (Most) People want and enjoy web forums.

    If you don’t like it you could just close it. At least give it a thought. TIA.

    IIRC (maybe/maybe not) I’ve seen you on the Wilders Security forums, so I’m well aware you know the +/- of having a forum.

  24. my nigga

    I’ll never betray or deceive you my friend but…
    If you show me the cash
    Then I will take it
    If you tell me to cry
    Then I will fake it
    If you give me a hand
    Then I will shake it
    You’ll do anything for money…
    Anything for money
    Would lie for you
    Would die for you
    I Even sell my soul to the devil
    Anything for money
    Would lie for you
    Would die for you
    I Even sell my soul to the devil
    Where do your loyalties lie?
    Is that your alibi?
    I don’t think so
    You don’t care
    You’d do her for the money
    Say it’s fair
    You sue her for the money
    Want your pot of gold
    Need the Midas touch
    Bet you sell your soul
    Cause your God is such
    You don’t care

Comments are closed.