W2 Fraud: Beware this Tax Season
These days, most of us are probably aware of CEO fraud, where cybercriminals impersonate high-level executives and trick employees into wiring company funds to an external account. And you may remember hearing about W-2 phishing during last year’s tax season, where scammers impersonated CEOs to extract employee tax forms from unsuspecting finance employees.
Recently we’ve been seeing these two scams combined into a one-two punch. The IRS has released a security alert warning that scammers have started W-2 phishing much earlier than normal this year. Scammers have already extracted W-2 data from a number of U.S. companies, and that data has subsequently been used to file fraudulent tax returns. What’s worse is that these scammers are following up on their W-2 scam emails with a second set of phishing attacks, where they send a spoofed “executive” email to someone in the finance department demanding an urgent wire transfer.
“The Form W-2 scam has emerged as one of the most dangerous phishing e-mails in the tax community,” the IRS said in a January 2018 alert. During the last two tax seasons, “cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces,” the alert noted.
Last year, more than 200 employers were victimized, resulting in hundreds of thousands of employees with compromised identities. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments, and charities.
When a cybercriminal gains access to an individual’s W-2 form information (employee’s name, address, Social Security number, income, and withholdings), they can use that information to file fraudulent tax returns or post it for sale on the DarkNet.
How does the W-2 phishing scam work?
Cybercriminals do their homework, identifying chief operating officers, school executives or others in positions of authority. Using a technique known as business email compromise (BEC) or business email spoofing (BES), fraudsters posing as executives send emails to payroll personnel requesting copies of Forms W-2 for all employees.
In many cases, the email starts off as a friendly exchange before the fraudster asks for all Form W-2 information. In several reported cases, after the fraudsters acquired the workforce information, they immediately followed that up with a request for a wire transfer.
Employers should be aware that cybercriminals’ scams constantly evolve, and finance and payroll personnel should be alerted to any unusual requests for employee data. All employees should be reminded to be careful and to keep their W-2 safe. They should be wary of any email that appears to come from the IRS, because it could be a phishing scam.
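The warning signs of the executive-impersonation email described above can be checked mechanically before a payroll or finance employee acts on a request. The Python sketch below is an added example, not part of the original article; the company domain, executive names, indicator wording and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values and constructed sample messages (not from the article).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
REQUEST_RE = re.compile(r"\bw-?2s?\b|wire transfer", re.IGNORECASE)
SPOOFED = """\
From: "Jane Doe" <jane.doe@example-corp.example>
Reply-To: jdoe.office@freemail.example
To: payroll@example.com
Subject: Quick request

Hi, are you at your desk? Please send me the W-2 forms for all employees today.
"""
LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: payroll@example.com
Subject: Lunch on Friday

Team lunch is moved to noon.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return the BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    findings = []
    if display_name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        findings.append("executive display name on an external address")
    if reply_domain and reply_domain != from_domain:
        findings.append("Reply-To domain differs from From domain")
    if REQUEST_RE.search(text):
        findings.append("asks for W-2 data or a wire transfer")
    return findings

if __name__ == "__main__":
    print(bec_indicators(SPOOFED), bec_indicators(LEGIT))
```

A message that raises any of these flags should be confirmed with the executive through a separate channel before any data or money is sent.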
To protect your identity this tax season, take the following precautions:
Use qualified and reputable professionals. If having your taxes prepared for you, be sure to use qualified preparers and make sure they include their Preparer Tax Identification Number. Be wary of preparers who guarantee high-value tax returns. Be cautious of preparers who tell you that you need to obtain other services from them in order for them to complete your taxes. Other services may be notary services, immigration services or sending registered letters.
E-file only from secure computers. Make sure antivirus software is up to date and never use public Wi-Fi to file tax returns. Don’t file taxes from a link in an email.
If you, your business or your organization falls victim to the scam, or receives a suspect email but does not fall victim to the scam, send the full email headers to firstname.lastname@example.org and use “W2 Scam” in the subject line. Contact the professionals at eGuard Tech Services anytime for more information.