Don’t Fall Victim to Dangerous W-2 and Lender Phishing Scams
Author: Becky Luther, Tax Senior at Delap
A resurgence of W-2 phishing scams is again threatening business owners. All business owners and their employees should be on the alert for cybercriminals attempting to steal W-2 and other sensitive personal information through a phishing scam. W-2 phishing scams made victims of hundreds of organizations and many thousands of employees in 2017, and are again emerging as one of the most dangerous phishing email scams.
How Does It Work?
Cybercriminals will seek to obtain copies of W-2s or other personal information by sending an email to staff, impersonating someone of authority within a company or school community and making an urgent request for sensitive data. These smart criminals are really doing their homework to identify who the authority figures are in an organization. They do this by using a technique known as business email compromise (BEC) or business email spoofing (BES). On the surface it looks like they are using the email addresses of the CEO, CFO, or school executives to send fraudulent emails requesting copies of W-2s. Because these emails appear to come from authority figures in the organization, it instills trust in employees and fear not to comply, because no one wants to tell the boss no. These criminals then take this information and use it to file fraudulent tax returns, or post it for sale on the internet.
The single solution to the problem is increasing awareness and making sure employees are comfortable asking executives about suspicious email requests. Companies should educate their staff about the possibility that they may receive phony emails asking for W-2s or other sensitive information. Employees should be empowered to ask questions and require more information before they comply with requests for personal information.
Stay on the alert for phony bank confirmations related to home mortgages. These too are on the rise.
What should you do if you fall victim?
If the business organization notifies the IRS, they can take steps to prevent employees from falling victims of tax-related identify theft. The IRS has established special email notification addresses for employers to report Form W-2 data thefts or suspicious attempts from fraudsters to get information from companies. Employers can learn more at the IRS website.
Other related blog articles: