Payroll tax scam resurfaces this tax season

Tax season is heating up and so are scams.

The scams take different shape, but are all after one thing: Your money.

The IRS and state tax agencies recently issued a warning about a W-2 email phishing scam that is becoming common for this time of year. The W-2 scam first appeared last year when cybercriminals tricked payroll and human resources officials into disclosing employee names, Social Security numbers and income information. The thieves then attempted to file fraudulent tax returns for tax refunds using the stolen information.

This scam is making its rounds again this year, so make sure whoever is handling your payroll double checks any email requests from company officials, especially any asking for lists of Forms W-2 or Social Security numbers of employees.

The phishing scam is known as a “spoofing” email that appears to come from a legitimate company official. It will contain, for example, the actual name of the chief executive officer or owner of the company. The fraudulent email will be sent to the person handling payroll or human resources asking for a list of employees and their identifying information, including Social Security numbers.

According to the IRS, some of the emails contain language similar to these examples:

  • “Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review;”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary);” or
  • “I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, in need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

You will note that the examples include some incorrect grammar, run-on sentences or inappropriate capitalization. This is one clue that the email request is not legitimate.

This is typical of most phishing scams, which have once again made the IRS list of “Dirty Dozen” tax scams for the 2017 filing season.

In these email schemes, criminals pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person’s name.  They may pose as a bank, credit card company, tax software provider or government agency. Criminals go to great lengths to create websites that appear legitimate but contain phony log-in pages. These criminals hope victims will take the bait and provide money, passwords, Social Security numbers and other information that can lead to identity theft.

Scam emails and websites also can infect a taxpayer’s computer with malware without the user knowing it. The malware can give the criminal access to the device, enabling them to access all sensitive files or track keyboard strokes, exposing login information.

You should also be aware of any emails that demand immediate action or seem extremely urgent.  Creating a sense of urgency is designed so that you might do something that normally bypasses your normal procedures.

Another place to look if you are suspicious of electronic communication is the sender’s address. Usually the con artists will use an address that is similar to your company’s domain name, but there is usually a misspelling, an extra or missing punctuation mark, the use of a public email, like Gmail or Yahoo, or other subtle differences that can go overlooked.

Also be sure to check the timing of the email. If you receive an email that would normally be sent during business hours but was sent at an unusual time, like 3 a.m., it is likely a scam.

Remember, don’t ever click on links included in the body of suspicious or questionable emails or open attachments. If in doubt, place a phone call to the person who supposedly sent the email just to verify it is legitimate.

It’s better to be safe than sorry. This would be a good time to establish email safety protocols with your employees and payroll service provider.

Please let us know if we can help you in any way.