The Internal Revenue Service, state tax agencies and the tax industry issued an urgent alert to all employers that the Form W-2 phishing scam has evolved beyond the corporate world and is spreading to other sectors, including school districts, tribal organizations and nonprofits. In a related development, the W-2 scammers are coupling their efforts to steal employee W-2 information with an older scheme on wire transfers that is victimizing some organizations twice.
Here’s how the W-2 phishing scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources department, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES). In the latest twist, the cybercriminal follows up with an “executive” email to the payroll department or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,”‘ said IRS Commissioner John Koskinen.
To read the full article, click here or if you have questions, contact Mike Cameron, CPA at 800-880-7800, ext. 1394.
To read additional articles, see the HSC Manufacturing & Wholesale Distribution News January/February 2017 Issue.
