It’s the start of tax season, and many employers are sending W-2 forms to employees so they can get ready to file their tax returns.
As was true over the past few years, this is not only the busy season for tax preparers, but also for cyber criminals seeking to reap millions from U.S. taxpayers by filing false tax returns to get a fraudulent tax refund.
This time of year is such a boon for cyber criminals that the Internal Revenue Service has repeatedly issued warnings to companies that cyber criminals are posing as executives in an oldie but goody scam. The scam works like this: the cyber criminal is able to compromise the email of the company by sending a spoofing email that looks like it is coming from the CEO, CFO or Director of Finance to an employee in the payroll department or someone in Human Resources that s/he “needs the W-2s of all employees” ‘urgently’ for a project…Please pdf them to me ASAP.” The dutiful worker does as he or she is asked and the W-2s are sent to the hacker, who then uses them to file fraudulent tax returns.
Although this has been happening for years, employees still fall for this old scheme. It is such a problem that the IRS has issued multiple warnings to get the word out that this scam continues to occur and to assist companies from becoming a victim.
Prevention is possible-here are a few tips that can help:
- Educate employees about the scam so they don’t fall for it
- Put processes in place to personally verify requests for the personal information of employees through another means other than email
- Confirm requests face to face or with voice confirmation (pick up the phone!)
- Encourage a business culture where employees feel enabled and comfortable to challenge executives about odd requests.
We continue to assist companies after they have become the victim of this scam, and we anticipate that the scam will continue to plague clients this year. Executives can help prevent the success of the scam by educating employees and enabling them to be “wicked paranoid” and to challenge any requests that they believe are suspicious.