IRS warns about growing threat from phishing for W-2 tax form info

194
Visual Content / Flickr

 

The Internal Revenue Service and other agencies are warning tax professionals  about a surge  in scams involving the W-2 forms

The W-2 scam is called a business email compromise or BEC.  The IRS saw a sharp increase in the number of incidents and victims during the 2017 filing season.

A business email compromise occurs when a cyber criminal is able to “spoof”  a company or organization executive’s email address and target a payroll, financial or human resources employee with a request. For example, fraudsters will try to trick an employee to transfer funds into a specified account or request a list of all employees and their  W-Forms

“These are incredibly tricky schemes that can be devastating to a tax professional or business,” said IRS Commissioner John Koskinen. “Cybercriminals target people with access to sensitive information, and they cleverly disguise their effort through an official-looking email request.”

The Federal Bureau of Investigation reported earlier a 1,300 percent increase in identified losses – with more than $3 billion in wire transfers – since January 2015.

SevOne, a technology company with operations in Delaware was hit by an attack in 2016.

SevOne hit by ‘spear phishing’ of payroll data

The FBI found that the culprits behind these scams are national and international organized crime groups who have targeted businesses and organizations in all 50 states and 100 countries worldwide.

In 2017, the IRS saw the number of businesses, public schools, universities, tribal governments and non-profits victimized by the W-2 scam increase to 200 from 50 in 2016. Those 200 victims translated into several hundred thousand employees whose data was stolen. In some cases, the criminals requested both the W-2 information and a wire transfer.

The Form W-2 contains the employee’s name, address, Social Security number, income and withholdings. That information was used to file fraudulent tax returns, and it can be posted for sale on the Dark Net, where criminals also seek to profit from these thefts, the IRS reported.

If the business or organization victimized by these attacks notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft. However, because of the nature of these scams, many businesses and organizations may  not realize for days, weeks or months that they had been scammed.

The IRS established a special email notification address specifically for businesses and organizations to report W-2 thefts: dataloss@irs.gov. Be sure to include “W-2 scam” in the subject line and information about a point of contact in the body of the email. Businesses and organizations that receive a suspect email but do not fall victim to the scam can forward it to the BEC to phishing@irs.gov, again with “W-2 scam” in the subject line.