IRS warns on ever-changing “dangerous W-2 phishing scam”

IRS says W-2 scam, which first appeared last year, is circulating earlier in the tax season and to a broader cross-section of organizations

irs-warns-on-ever-changing-dangerous-w-2-phishing-scam
Credit: Thinkstock

Just as tax season gets underway in earnest, the Internal Revenue Service put out a warning about what it called dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen in a statement. “Taxpayers should avoid opening surprise emails or clicking on web links claiming to be from the IRS. Don’t be fooled by unexpected emails about big refunds, tax bills or requesting personal information. That’s not how the IRS communicates with taxpayers.”

+More on Network World: IBM Watson wants to do your tax returns+

Per the IRS, cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).

In the latest twist, the cybercriminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers, the IRS stated.

+More on Network World: IBM: Next 5 years AI, IoT and nanotech will literally change the way we see the world+

“The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers,” the IRS stated.

The W-2 scam, which first appeared last year, is circulating earlier in the tax season and to a broader cross-section of organizations, including school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare and shipping and freight. Those businesses that received the scam email last year also are reportedly receiving it again this year, the IRS stated.

The IRS has stated it saw a spike in phishing and malware incidents during the 2016 tax season and scam artists continue to work on confusing taxpayers during filing season

Last year the IRS wrote about the W-2 scam noting some key details of what businesses and individuals should look for.

The spoofing email scheme will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs. The IRS noted some of the details contained in the phishing e-mails:

  • “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2016.”
  • “I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me ASAP.”

Organizations receiving a W-2 scam email should forward it to phishing@irs.gov and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.

The IRS noted too that during tax season, it generally sees a surge in scam phone calls that threaten police arrest, deportation, license revocation and other things. The IRS reminds taxpayers to guard against all sorts of con games that arise at any time and pick up during tax season.

"Don't be fooled by surprise phone calls by criminals impersonating IRS agents with threats or promises of a big refund if you provide them with your private information," said Koskinen. "If you're surprised to get a call from the IRS, it almost certainly isn't the real IRS. We generally initially contact taxpayers by mail."

The Treasury Inspector General for Tax Administration (TIGTA) reports they have become aware of over 10,000 victims who have collectively paid over $54 million because of phone scams since October 2013.

"Everyone can share the word about scam phone calls-- just hang up and don't engage these people," Koskinen said. “Despite recent successes against phone scam artists, these scams constantly evolve and people need to remain vigilant. We’d like to thank law-enforcement, tax professionals, consumer advocates, the states, other government agencies, the Treasury Inspector General for Tax Administration and many others for helping us continue this fight and protect taxpayers."

Check out these other hot stories:

Cisco: Faulty clock part could cause failure in some Nexus switches, ISR routers, ASA security appliances

IBM Watson wants to do your tax returns

Cisco amps-up Tetration platform with better security, reduced footprint, AWS cloud adoption

DARPA picks 30 contenders to battle in wireless spectrum competition

Intelligence agency opens $325,000 advanced, automated fingerprint gathering competition

Cisco fosters Blockchain protocol development, IBM shows why technology could relieve security anxiety

Has Cisco broken out of the network hardware box?

10 of the latest craziest and scariest things the TSA found on your fellow travelers

Air Force goes after cyber deception technology

DARPA wants to simulate how social media spreads info like wildfire

Cisco calls on Arista to stop selling products in US after agency reverses patent finding

IBM: Next 5 years AI, IoT and nanotech will literally change the way we see the world

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10