An employer’s life is almost always busy, but it is even more so in the first part of the year, with the added responsibility of preparing tax documents for themselves and their business, and so their employees can file their taxes as well. Unfortunately, scam artists are counting on this hectic season to catch their victims unaware and walk away with hundreds of stolen identities.
Once again, the IRS is warning of the increasing frequency of a W-2 email phishing scam in which cybercriminals trick payroll personnel, or others with access to payroll information, into disclosing sensitive information for entire workforces.
The criminals either use the information to file fraudulent tax returns or they post it for sale on the Dark Net.
The scam first appeared in 2016 and about 100 cases were reported that year, according to the IRS. The number of reported incidents jumped to nearly 900 in 2017. Of those, more than 200 employers – representing hundreds of thousands of employees – were victimized in the scam.
The IRS is bracing for even more aggressive targeting this year, so make sure whoever is handling your payroll double-checks any email requests from company officials, especially any asking for lists of Forms W-2 or Social Security numbers of employees.
The phishing scam relies on what is known as a “spoofing” email, one that appears to come from a legitimate company official. It will contain, for example, the actual name of the chief executive officer or owner of the company. The fraudulent email will be sent to the person handling payroll or human resources asking for a list of employees and their identifying information, including Social Security numbers.
According to the IRS, some of the emails contain language similar to these examples:
- “Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review;”
- “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary);” or
- “I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, in need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
- “hi, are you working today?” before requesting W-2 information.
You will note that the examples include some incorrect grammar, run-on sentences or inappropriate capitalization. This is one clue that the email request is not legitimate. Other clues include emails that demand immediate action, that are sent at odd times of the night, or that come from a public email domain (Gmail or Yahoo, for example) or a domain name with misspellings.
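The warning signs listed above can be turned into a simple triage check for a payroll mailbox. The following Python is an added example, not code from the IRS or from the original article; the company domain `acme.example`, the keyword lists, the 10 p.m. to 6 a.m. window and the 0.8 similarity threshold are all assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

COMPANY_DOMAIN = "acme.example"         # assumption: the employer's real mail domain
FREE_MAIL = {"gmail.com", "yahoo.com"}  # public providers the article names
PAYROLL_RE = re.compile(r"\bW-?2\b|social security|\bSSN\b", re.I)
URGENCY_RE = re.compile(r"\basap\b|\bimmediately\b|\burgent\b", re.I)  # assumed word list


def clues(raw, company_domain=COMPANY_DOMAIN):
    """Return the article's warning signs found in one raw email message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body if isinstance(body, str) else ''}"
    found = []
    if PAYROLL_RE.search(text):
        found.append("asks for W-2 or SSN data")
    if URGENCY_RE.search(text):
        found.append("demands immediate action")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in FREE_MAIL:
        found.append("public email domain")
    elif domain and domain != company_domain:
        # A near match to the real domain suggests a deliberate misspelling.
        if SequenceMatcher(None, domain, company_domain).ratio() >= 0.8:
            found.append("misspelled company domain")

    try:
        hour = parsedate_to_datetime(msg["Date"]).hour  # sender's stated local time
        if hour < 6 or hour >= 22:  # assumed definition of "odd times of the night"
            found.append("sent at an odd hour")
    except (TypeError, ValueError):
        pass  # missing or unparseable Date header gives no timing clue
    return found


# Constructed sample, not a real email: acrne.example imitates acme.example.
SAMPLE = (
    'From: "Pat Owner" <pat.owner@acrne.example>\n'
    "Subject: W-2 copies\n"
    "Date: Tue, 06 Feb 2018 02:14:00 -0500\n"
    "\n"
    "Kindly prepare the lists and email them to me asap.\n"
)

if __name__ == "__main__":
    print(clues(SAMPLE))
```

An empty result does not prove a request is genuine, because the From header itself can be forged to show the real company domain; the phone call recommended at the end of this article still applies.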
Scam emails and websites also can infect a taxpayer’s computer with malware without the user knowing it. The malware can give the criminal access to the device, enabling them to access all sensitive files or track keyboard strokes, exposing login information.
The bottom line is to never click on links in the body of suspicious or questionable emails and never open their attachments. If in doubt, place a phone call to the person who supposedly sent the email just to verify it is legitimate.