There is yet another dangerous phishing scheme circulating once again this tax season involving W-2s that targets corporations, schools and nonprofits. In a recent IRS communication, IRS Commissioner John Koskinen has said that this particularly dangerous scheme could “result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns.”
The IRS is warning all types of employers to guard against the scam, which goes like this: an email that appears to be genuine is sent by an executive within the organization to the payroll or HR department and requests a list of all employees and their W-2 forms or social security numbers. Cybercriminals then use this information to file tax returns using the employee names and social security numbers, hoping to receive their tax refunds.
As a follow-up to this, some cybercriminals in disguise will ask for a wire transfer to be made into a fraudulent account (again using what appears to be a genuine email). It has been reported that some companies have lost both employee data and cash in these situations.
Please be alert for both of these schemes, and don’t allow your organization to be victimized. Put in place internal policies that safeguard both the distribution of employee W-2s and associated information, as well as wire transfers.
Please contact a member of your service team, or contact Marie Brilmyer at email@example.com for further discussion.
Cohen & Company is not rendering legal, accounting or other professional advice. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts and circumstances.