Dangerous W-2 Phishing Scam Evolving: Targets Include Government Entities
March 14, 2017
A dangerous email phishing scam could affect your hospital.
Cyber criminals are using spoofing techniques to disguise an email, making it appear like it's coming from an executive within the organization so that the recipient (usually in the payroll or HR department) feels compelled to respond. The cyber criminal asks for a list of employees and their W-2s. They intend to use this information to fake a tax return and fraudulently collect an employee's refund before the employee files themselves. Cyber criminals may also be asking to wire money, and continue to evolve their scams.
The IRS issued an alert in February to all employers to beware of the emerging phishing email scheme. It's spreading to many industries, including health care, school districts, tribal casinos, chain restaurants, temporary staffing agencies, and shipping and freight.
If you believe that your organization has been a victim of these types of scams, you can:
- Report the W-2 thefts to the IRS immediately so that they can begin to help protect the employees from tax-related identity theft. Forward to email@example.com and place "W2 Scam" in the subject line.
- File a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.
If you are an employee whose W-2 has been stolen:
- You should review the recommended actions by the Federal Trade Commission atwww.identitytheft.gov or the IRS at www.irs.gov/identitytheft.
- File a Form 14039, Identity Theft Affidavit, if your tax return gets rejected because of a duplicate Social Security number and/or if instructed to do so by the IRS.
If your organization has avoided scams so far, there are measures to take to prevent future attacks. You can:
- Consult cyber security experts about how to establish a culture of security at your organization.
- Enact policies and procedures safeguarding the handling of W-2s during tax season.
- Encourage your employees to be safe online and avoid scam sites fronting as tax return eService sites.
For more information about cyber security, please contact your Eide Bailly representative or Eide Bailly's Cyber Security Leader Anders Erickson at 208.383.4731 or firstname.lastname@example.org.