W-2 Scam Targeting Payroll

The Internal Revenue Service, state tax agencies and the tax industry issued an urgent alert today to all employers that the Form W-2 email phishing scam has evolved beyond the corporate world and is spreading to other sectors, including school districts, tribal organizations and nonprofits.

In a related development, the W-2 scammers are coupling their efforts to steal employee W-2 information with an older scheme on wire transfers that is victimizing some organizations twice.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen.

When employers report W-2 thefts immediately to the IRS, the agency can take steps to help protect employees from tax-related identity theft. The IRS, state tax agencies and the tax industry, working together as the Security Summit, have enacted numerous safeguards in 2016 and 2017 to identify fraudulent returns filed through scams like this. As the Summit partners make progress, cybercriminals need more data to mimic real tax returns.

In the latest twist, the cybercriminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.

The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.

Courtesy of IRS

For more information contact Neikirk, Mahoney and Smith at 502-896-2999

New Phishing Scheme Mimics Software Providers

The Internal Revenue Service today alerted tax professionals to an emerging phishing email scam that pretends to be from tax software providers and tries to trick recipients into clicking on a bogus link.

The email scheme is the latest in a series of attempts by fraudsters to use the IRS or other tax issues as a cover to trick people into giving up sensitive information such as passwords, Social Security numbers or credit card numbers or to make unnecessary payments.

In the new scheme identified as part of the IRS Security Summit process, tax professionals are receiving emails pretending to be from tax software companies. The email scheme requests the recipient to download and install an important software update via a link included in the e-mail.

Once recipients click on the embedded link, they are directed to a website prompting them to download a file appearing to be an update of their software package.  The file has a naming convention that uses the actual name of their software followed by an “.exe extension.”

Upon completion, tax professionals believe they have downloaded a software update when in fact they have loaded a program designed to track the tax professional’s key strokes, which is a common tactic used by cyber thieves to steal login information, passwords and other sensitive data.

Courtesy of IRS

For more information contact Neikrik, Mahoney and Smith at 502-896-2999