IRS warns of nasty W-2 phishing scheme

Cyber-criminals go after corporate payroll admins and HR professionals

irs-warns-of-nasty-w-2-phishing-scheme
Credit: Thinkstock

The Internal Revenue Service has issued its second major warning about tax scams in a little over a month– this one involving a phishing email scheme that look a like a message from company executive requesting personal information from employees.

The IRS said the scheme has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.

+More on Network World: Yikes! 10,000 IRS impersonation scam calls are placed every week+

The IRS said its Criminal Investigation unit already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.

This spoofing email scheme will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs.

The IRS noted some of the details contained in the phishing e-mails:

  • “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2016.”
  • “I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me ASAP.”

The W-2 warning comes on the heels of another warning the agency issued after it saw a 400% surge in phishing and malware incidents so far this tax season.

+More on Network World: FBI: Be suspicious about Web searches for federal information

“The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. Variations of these scams can be seen via text messages, and the communications are being reported in every section of the country,” the IRS stated.

According to the IRS:

  • There were 1,026 incidents reported in January, up from 254 from a year earlier.
  • The trend continued in February, nearly doubling the reported number of incidents compared to a year ago.
  • In all, 363 incidents were reported from Feb. 1-16, compared to the 201 incidents reported for the entire month of February 2015.
  • This year's 1,389 incidents have already topped the 2014 yearly total of 1,361, and they are halfway to matching the 2015 total of 2,748.
  • The IRS said that when citizens people click on these email links, they are taken to sites designed to imitate an official-looking website, such as IRS.gov. The sites ask for Social Security numbers and other personal information. The sites also may carry malware, which can infect people's computers and allow criminals to access your files or track your keystrokes to gain information.

This tax season the IRS has observed fraudsters more frequently asking for personal tax information, which could be used to help file false tax returns, another scourge. For example, the IRS estimates it paid $5.2 billion in fraudulent identity theft refunds in filing season 2013.

Check out these other hot stories:

FTC: Imposter scams, identity theft, and debt collection top consumer grumbles

NASA wants to get supersonic with new passenger jet

Oscar ad finds Carrie Fisher and IBM Watson dealing with humans

AAA: Distracted driving, driver apathy for safety making roads treacherous

IT manager gets 30 months in jail for code-bombing firm’s intellectual property

Are we in artificial intelligence winter?

IRS warns: 400% flood in phishing and malware this tax year alone

Einstein was right: Gravitational waves exist!

The iconic Boeing 747 is almost 50!

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.