The IRS has advised the taxpayers & tax services professionals about a new fraud involving a phishing email that ask the victims about the W2 data like Social Security Numbers and other personally identifiable information.
“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data,” said IRS Commissioner John Koskinen in a statement. “Now the criminals are focusing their schemes on company payroll departments. If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
This is not the first time taxpayers are faced with such fraud. In fact, IRS Criminal Investigation has received numerous complaints from victims who have shared their or their client's information with cyber criminals on a fraudulent phone call or in an email.
Cybercriminals sitting in a remote part of the world can “spoof” an email address (of someone important in your company) and ask for a report or an actual document. Here at Sanjiv Gupta CPA firm we never call or email our clients or prospects to ask about any kind of personally identifiable information. So, please do not share your social or address with anyone asking for this information.
Watch out for emails that contain such wording (even if the email address appears to be legit).
• Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our [ or Your ] company staff for a quick review
• Please send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as of 3/7/2016.
• I have not received the list of W-2 copies of employee's wage and tax statement for 2015, Send them in excel sheet or send them as PDF.
You think it can’t happen to you or your employees?
One of the major upcoming startup, Snapchat, announced that last Friday its payroll department was targeted by an email phishing scam in which a scammer impersonated the company’s CEO and asked for employee payroll information. The company informed its employees that, “Unfortunately, the phishing email wasn’t recognized for what it was–a scam–and payroll information about some current and former employees was disclosed externally.”
IRS also announced that they are seeing a 400% surge in similar email phishing emails.
How can you protect your employees and your company?
Do not share personal information unless via employee by clicking on the “Reply” button. Always type the email address and verify it before pressing the send button. Do not share social security or other personal information on the phone.