The Internal Revenue Service has issued its second major warning about tax scams in a little over a month– this one involving a phishing email scheme that look a like a message from company executive requesting personal information from employees.
The IRS said the scheme has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.
+More on Network World: Yikes! 10,000 IRS impersonation scam calls are placed every week+
The IRS said its Criminal Investigation unit already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.
This spoofing email scheme will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs.
The IRS noted some of the details contained in the phishing e-mails:
- “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
- “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2016.”
- “I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me ASAP.”
The W-2 warning comes on the heels of another warning the agency issued after it saw a 400% surge in phishing and malware incidents so far this tax season.
+More on Network World: FBI: Be suspicious about Web searches for federal information
“The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. Variations of these scams can be seen via text messages, and the communications are being reported in every section of the country,” the IRS stated.
According to the IRS:
- There were 1,026 incidents reported in January, up from 254 from a year earlier.
- The trend continued in February, nearly doubling the reported number of incidents compared to a year ago.
- In all, 363 incidents were reported from Feb. 1-16, compared to the 201 incidents reported for the entire month of February 2015.
- This year's 1,389 incidents have already topped the 2014 yearly total of 1,361, and they are halfway to matching the 2015 total of 2,748.
- The IRS said that when citizens people click on these email links, they are taken to sites designed to imitate an official-looking website, such as IRS.gov. The sites ask for Social Security numbers and other personal information. The sites also may carry malware, which can infect people's computers and allow criminals to access your files or track your keystrokes to gain information.
This tax season the IRS has observed fraudsters more frequently asking for personal tax information, which could be used to help file false tax returns, another scourge. For example, the IRS estimates it paid $5.2 billion in fraudulent identity theft refunds in filing season 2013.
Check out these other hot stories: