Security News IRS warns on ever-changing “dangerous W-2 phishing scam”

Exterminator

Just as tax season gets underway in earnest, the Internal Revenue Service put out a warning about what it called dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen in a statement. “Taxpayers should avoid opening surprise emails or clicking on web links claiming to be from the IRS. Don’t be fooled by unexpected emails about big refunds, tax bills or requesting personal information. That’s not how the IRS communicates with taxpayers.”

Per the IRS, cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).

In the latest twist, the cybercriminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers, the IRS stated.

“The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers,” the IRS stated.

The W-2 scam, which first appeared last year, is circulating earlier in the tax season and to a broader cross-section of organizations, including school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare and shipping and freight. Those businesses that received the scam email last year also are reportedly receiving it again this year, the IRS stated.

The IRS has stated it saw a spike in phishing and malware incidents during the 2016 tax season and scam artists continue to work on confusing taxpayers during filing season.

Last year the IRS wrote about the W-2 scam, noting some key details of what businesses and individuals should look for.

The spoofing email scheme will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs. The IRS noted some of the details contained in the phishing e-mails:
  • “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2016.”
  • “I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me ASAP.”

Organizations receiving a W-2 scam email should forward it to phishing@irs.gov and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3), operated by the Federal Bureau of Investigation.

The IRS noted too that during tax season, it generally sees a surge in scam phone calls that threaten police arrest, deportation, license revocation and other things. The IRS reminds taxpayers to guard against all sorts of con games that arise at any time and pick up during tax season.

"Don't be fooled by surprise phone calls by criminals impersonating IRS agents with threats or promises of a big refund if you provide them with your private information," said Koskinen. "If you're surprised to get a call from the IRS, it almost certainly isn't the real IRS. We generally initially contact taxpayers by mail."

The Treasury Inspector General for Tax Administration (TIGTA) reports they have become aware of over 10,000 victims who have collectively paid over $54 million because of phone scams since October 2013.

"Everyone can share the word about scam phone calls-- just hang up and don't engage these people," Koskinen said. “Despite recent successes against phone scam artists, these scams constantly evolve and people need to remain vigilant. We’d like to thank law-enforcement, tax professionals, consumer advocates, the states, other government agencies, the Treasury Inspector General for Tax Administration and many others for helping us continue this fight and protect taxpayers."

If you live and work in the U.S. take some time to read this!
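
An added illustration, not part of the original post or the IRS advisory: a mail-triage check built only on the signals the article describes (an executive's real name on a message from an address that is not theirs, a payroll or HR recipient, and a request for W-2s, employee data or a wire transfer). The executive directory, mailbox names, domains and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed organization data (hypothetical names and addresses).
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
SENSITIVE_MAILBOXES = {"payroll@example.com", "hr@example.com"}

# Request patterns taken from the phrases the IRS quoted, plus the
# wire-transfer follow-up the article describes.
REQUEST_PATTERNS = {
    "w2_request": re.compile(r"\bW-?2s?\b", re.I),
    "employee_pii": re.compile(r"social security number|\bSSNs?\b|list of employees", re.I),
    "wire_transfer": re.compile(r"wire transfer", re.I),
}

def triage(raw_message):
    """Return an action and the reasons for it for one plain-text message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    reasons = []
    known = EXECUTIVES.get(display.strip().lower())
    if known and address.lower() != known:
        reasons.append("executive_name_spoofed")   # real name, wrong address
    if recipient.lower() in SENSITIVE_MAILBOXES:
        reasons.append("sensitive_recipient")
    requests = [n for n, p in REQUEST_PATTERNS.items() if p.search(body)]
    reasons += requests
    if "executive_name_spoofed" in reasons and requests:
        action = "hold"
    elif requests and "sensitive_recipient" in reasons:
        # Genuine-looking sender: internal policy still asks for confirmation.
        action = "verify_out_of_band"
    else:
        action = "deliver"
    return {"action": action, "reasons": reasons}

# Constructed sample messages.
SPOOFED = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
To: payroll@example.com
Subject: Quick review

Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
"""
LEGIT = SPOOFED.replace("examp1e-mail.test", "example.com").replace(
    "Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all "
    "W-2 of our company staff for a quick review.", "Please send the Q1 headcount report.")
```

The middle outcome reflects the IRS recommendation of an internal policy on W-2 distribution: a request for W-2 data sent to payroll is confirmed through another channel even when the sender address looks right.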
 

_CyberGhosT_

The US tax system is so behind the times anyway.
We need to go to a pay as you play Tax system and do away with this
headache once and for all. That would nip this in the bud ASAP.
Thanks Exterminator.
 
