W2 scams evolving and result in bigger payoffs for criminals. The IRS renews warning to businesses about the scams.
When taxes come due, cyber criminals are in full bloom, scamming businesses out of their W2 employee information. Starting in 2016, the scams became bolder and gullible companies sent thousands of dollars to criminals to pay for W2 withholding shortages.
W2 Scams are Not New
The original phishing scams were designed to have companies release W2 information on employees to those operating the phishing scheme. Unwitting participants respond to a spoofed email from a high executive to the Human Resources Department or the Payroll Department. The bogus email looks and sounds real with and the fake official sending a message along the following lines:
- “Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)?
- I want you to send me the list of W-2 copy of employee’s wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
Once the cyber-criminal has the information, he or she can use the information to file a phony tax return and get a tax refund mailed to them.
Also, the information is detailed and often includes the employee’s
- Name
- Address
- Social Security Number
- Salary
- Marital status
- Number of dependents
This information makes stealing an employee’s identity a simple task. While this has been a profitable operation for cyber-criminals, in 2016 and early 2017, a new wrinkle developed.
What Else Could a Cyber-Criminal Want?
So, stealing a false tax refund and stealing an employee’s identity was not as profitable as some cyber-criminals believed it could be. The new wrinkle was to direct an executive from the company who first provided the thief with W2 information, a request from the same fake official (using a legitimate name and apparently legit business email address) a directive to a colleague with bank account access to wire company funds to a numbered account so that the funds can be used to correct “withholding mistakes.” It seems that the criminals ask for an amount of money that doesn’t raise eyebrows. For small companies, it may be a few hundred dollars and for larger companies many thousands of dollars. All in all, this W2 scam if very profitable. As with all things that are profitable, more people want to get some of the action.
IRS Commissioner John Koskinen said:
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.’’
In fact, for the first month of 2017, 29,000 taxpayers reported being victims of this scheme. As a result, the IRS renewed its frequent warnings about the W2 scam. The IRS suggests that companies be on the lookout for any unusual requests for W2 Employee information and confirm by phone that the alleged executive actually requested the information.
For more information on how to avoid these scams contact [company] today. {company} is an experienced provider of IT security and other IT managed services. We are in {city} and can be reached at {phone} or {email}.