It’s tax season in the United States and cybercriminals are attempting to capitalise on this, once again. A spike in phishing scams, related to the W-2 Form, has been noted since first records at the beginning of 2017.
The Internal Revenue Service (IRS), state tax agencies and the tax industry has issued a warning to all employers to be on guard this tax season as the W-2 Form email phishing scam returns. It has evolved beyond the corporate world and is spreading to other sectors and organisations of all sizes (Individuals may also be targeted). This scam is one of several tax-related phishing scams, suggesting a rise in the interest of criminals to obtain sensitive tax information.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen. (Quoted in 2017)
Various spoofing techniques are being utilised to disguise an email to make it appear as if it is from an organisation executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their W-2 Forms.
The W-2 Form scam expands to a broad cross-section of organisations, including school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare and shipping and freight. Those businesses that received the scam email last year are reportedly being targeted again.
Last year the W-2 Form scam made victims of hundreds of organisations and hundreds of thousands of employees. There were about nine times more reports of victims of the scam in 2017 than in the year before. Thousands of employees had their identities compromised and this data could easily be used to commit tax identity theft.
It’s important that Employers remain vigilant as not to be tricked into disclosing sensitive information this tax season.