CNBC first reported that the new scam involves fraudsters rerouting direct deposit accounts, and once checks are made, the paycheck will instead go directly into the criminal’s account.
According to KVC Health Systems, a child welfare nonprofit based out of the Midwest that was hit by the scam reported that the emails look legitimate and intentionally come from the company’s CEO, CFO or payroll director to increase the authenticity of the request.
Reports state that the emails are difficult to discern as phony because they are professional, curt and usually contain a simple request. If a company’s HR department pays out the criminal, the employees will then be subjected to a delayed paycheck.
"They might just say, 'I need to update my direct deposit information,'" Eric Nyberg, director of information technology at KVC, told CNBC. "Or they start with, 'Hey, do you have a second?' and if that target person responds, then they go from there.”
Those who may have been victimized or who received one of the suspicious emails have been advised to:
- Forward non-tax related BEC/BES email scams to the Internal Crime Complaint Center (IC3), which is monitored by the Federal Bureau of Investigation (FBI). You can file a complaint about email scams or other internet-related scams by clicking here.
- If you receive tax-related phishing emails, forward those to firstname.lastname@example.org. Monitoring this account are IRS cyber-security professionals, and using this reporting process enables the IRS and its Security Summit partners to identify trends and issue warnings.
- If you are an employer impacted by the form W-2 scam, forward the email to email@example.com. There is a process employers can follow (at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers).
- If you are an employer who received a form W-2 fraud email but was not affected (meaning you did not click or respond), forward the email to firstname.lastname@example.org.
Click here to follow Daily Voice Shelton and receive free news updates.