Over the past several years email phishing scams have become more creative in how they trick the end user into turning over confidential information. This year is no exception. The IRS has recently published an article on one of the latest phishing schemes involving W2s. Hopefully, all of our clients are aware from our previous alerts that the IRS does not use email. You should never respond to an email from anyone representing themselves as a representative of the IRS via email. They are not allowed to use this medium. Even when we as professionals know the IRS agent and use secure emails to submit information during an audit, we are not allowed to receive or transmit information through email.
Do not be tricked into providing information that can be used against you for identity theft. If you have any questions please feel free to give us a call at 972-644-7112.
|WASHINGTON – The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.
The IRS has learned this scheme – part of the surge in phishing emails seen this year – already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.
“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
IRS Criminal Investigation already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.
This phishing variation is known as a “spoofing” email. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs.
The following are some of the details contained in the e-mails:
The IRS recently renewed a wider consumer alert for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season and other reports of scams targeting others in a wider tax community.
The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
The IRS, state tax agencies and tax industry are engaged in a public awareness campaign – Taxes. Security. Together. – to encourage everyone to do more to protect personal, financial and tax data. See IRS.gov/taxessecuritytogether or Publication 4524 for additional steps you can take to protect yourself.