During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces, according to the IRS. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.
In total, more than 900 phishing reports were filed with the IRS in 2017, after just 100 were reported the year before. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.
According to the IRS, scammers “do their homework, identifying chief operating officers, school executives or others in positions of authority. Using a technique known as business email compromise (BEC) or business email spoofing (BES), fraudsters posing as executives send emails to payroll personnel requesting copies of Forms W-2 for all employees.
“The Form W-2 contains the employee’s name, address, Social Security number, income and withholdings. Criminals use that information to file fraudulent tax returns, or they post it for sale on the Dark Net.”
Businesses or employees that believe they may have been victimized by scammers have been asked to contact the IRS by emailing phishing.irs.gov with the subject line “W2 Scam.”
Click here to follow Daily Voice Armonk and receive free news updates.