The IRS has issued an urgent warning about an old scam which has come back with a new twist. The W-2 phishing scam started out targeting large corporations, but has now evolved beyond the corporate world and is targeting school districts, tribal organizations and nonprofits.
The scammers will use various spoofing techniques to disguise an email to make it appear that it came from an organization executive. The email is sent to an employee in the HR or payroll department requesting employee W-2 forms, and a list of all employees on staff.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,” explains IRS Commissioner John Koskinen.
But that’s not all. Scammers have also been following up with another scam – phase two as they’re calling it. The cybercriminal will follow up with an “executive” email to the payroll or comptroller asking that money be wired into a certain account. Although this is not considered “tax related” the cybercriminal is coupling both scams together resulting in some companies losing not only their employees’ W-2s, but also thousands of dollars due to wire transfers.
BBB has received reports of attacks on organizations in East Texas and advises all establishments in the area to take the following steps:
- Inform All Employees With Access to Distribute This Information: The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.
- Send the Scam Email to Officials: According to the IRS, organizations receiving a W-2 scam email should forward it to email@example.com and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.
- Be Safe Online: Taxpayers and tax preparers should be leery of using a search engine to find technical help with taxes or tax software. Clicking the wrong “tech support” link could cost you. Taxpayers searching for a paid tax professional for tax help can use the IRS Choosing a Tax Professional lookup tool or if taxpayers need free help can review the Free Tax Return Preparation Programs. Taxpayers searching for tax software can use Free File, which offers 12 brand-name products for free, at www.irs.gov/freefile.
As of March 2016, the IRS identified 42,148 tax returns with $227 million claimed in fraudulent refunds. One way businesses and other organizations can help combat identity theft is by helping educate their employees, clients and customers.
“Cybercrime continues to be a major issue”, said Mechele Agbayani Mills, President and CEO of BBB Serving Central East Texas. “It is becoming increasingly important for businesses to be vigilant in protecting their systems and their data against intruders, potential theft and other cybercrimes which could affect the company.”
Correcting the Problem
If your company has been affected by this or is affected in the future by another breach, the most important thing to do when you discover identity fraud is to take action right away. BBB provides multiple resources to aid with the prevention as well as with the aftermath of a breach. Go to bbb.org/cybersecurity for more information.
Report all unsolicited email claiming to be from the IRS or an IRS related function to firstname.lastname@example.org. Likewise, please contact the FBI’s cybercrime division (IC3.gov), and report it to BBB Scam Tracker. For more information about how to be a savvy business owner, please go to bbb.org.
ABOUT BBB: For more than 100 years, Better Business Bureau has been helping people find businesses, brands and charities they can trust. In 2015, people turned to BBB more than 172 million times for BBB Business Reviews on more than 5.3 million businesses and Charity Reports on 11,000 charities, all available for free at bbb.org. The Council of Better Business Bureaus is the umbrella organization for the local, independent BBBs in the United States, Canada and Mexico, as well as home to its national programs on dispute resolution, advertising review, and industry self-regulation.