Face it, cyber criminals are greedy and harvesting employee generated W2 information from employers is a license to steal from the United States Treasury and also gives an edge to a new twist that takes from you, the employer.
Cybercriminals are stealing your employee W2 information and your money too!
Since 2015, the United States Treasury Department, through the Internal Revenue Service (IRS) has been issuing warnings about the prevalence of W2 schemes and scams. Let’s take a look at the two scams related to employer targeted W2 scams.
Scam #1 Phishing for Employer Held W2 Form Information
In this scam, a cyber criminal who is savvy enough to spoof an email address sends an inquiry to a Human Resources or Payroll person. The sender impersonates a high-level company executive who requests “company-wide” information for all W2 information on all employees who have a W2 on file.
Forbes Magazine tells us the forged emails are practically indistinguishable from real emails from company executives, they may look like the examples below:
“Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)?
I want you to send me the list of the W-2 copy of employee’s wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
Armed with this information, the criminals file a bogus tax return in your employee’s name and request a refund. Often, it is only when an employee files a real tax return and asks for an actual refund does the IRS contact them and they become aware of their information being compromised. They may, or may not, report the incident to their employer.
Scam #2 How Cybercriminals Steal Money from Companies
This second scheme is not directly tied to using W2 information from your employees. The scheme is known as a Business Email Spoofing (BEF) or Business Email Compromise (BEC). Companies who fall prey to a W2 phishing scheme may offer cyber criminals targets for this second scam.
The scheme gets it start via email. An executive who is in a high position, orders a lower-level executive with banking authority to transfer a certain amount of money to a new bank account. The senior executive explains in his or her email that the new account was established to correct W2 “discrepancies,” and the IRS would have direct access to it. If the money is transferred, the thief gets a text message and transfers the money again into a nearly untraceable hidden bank account.
How to Protect Your Company from These Tax-Time Rip-offs
Information and education geared towards your employees are the most effective way to stop these scams from working. Warn employees to be on the alert for unusual information requests – requests for W2 information should be confirmed by internal phone calls to the requesting executive.
Executives with banking authority need to be aware of the threat of unusual IRS payments and confirm in person or by internal phone that the request is legitimate.