Courtesy of the Better Business Bureau
The IRS has issued an urgent warning about an old scam which has come back with a new twist. The W-2 phishing scam started out targeting large corporations, but has now evolved beyond the corporate world and is targeting school districts, tribal organizations and nonprofits.
The scammers will use various spoofing techniques to disguise an email to make it appear that it came from an organization executive. The email is sent to an employee in the HR or payroll department requesting employee W-2 forms, and a list of all employees on staff.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,” explains IRS Commissioner John Koskinen.
But that’s not all. Scammers have also been following up with another scam – phase two as they’re calling it. The cybercriminal will follow up with an “executive” email to the payroll or comptroller asking that money be wired into a certain account. Although this is not considered “tax related” the cybercriminal is coupling both scams together resulting in some companies losing not only their employees’ W-2s, but also thousands of dollars due to wire transfers.
BBB has received reports of attacks on organizations in East Texas and advises all establishments in the area to take the following steps:
• Inform All Employees With Access to Distribute This Information: The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.
• Send the Scam Email to Officials: According to the IRS, organizations receiving a W-2 scam email should forward it to firstname.lastname@example.org and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by…
(To continue reading this article, please contact us today for a print or email subscription to the Jefferson Jimplecute! — (903) 665-2462, JIMPLECUTE1848@GMAIL.COM)