Insights: Article

Dangerous W-2 Phishing Scam Evolving: Targets Include Hospitals

By   Anders Erickson

January 02, 2017

A dangerous email phishing scam could affect your hospital.

Cyber criminals are using spoofing techniques to disguise an email, making it appear like it's coming from an executive within the organization so that the recipient (usually in the payroll or HR department) feels compelled to respond. The cyber criminal asks for a list of employees and their W-2s. They intend to use this information to fake a tax return and fraudulently collect an employee's refund before the employee files themselves. Cyber criminals may also be asking to wire money, and continue to evolve their scams.

The IRS issued an alert in February to all employers to beware of the emerging phishing email scheme. It's spreading to many industries, including health care, school districts, tribal casinos, chain restaurants, temporary staffing agencies, and shipping and freight.

If you believe that your organization has been a victim of these types of scams, you can:

  • Report the W-2 thefts to the IRS immediately so that they can begin to help protect the employees from tax-related identity theft. Forward to phishing@irs.gov and place "W2 Scam" in the subject line.
  • File a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.


If you are an employee whose W-2 has been stolen:

  • You should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft.
  • File a Form 14039, Identity Theft Affidavit, if your tax return gets rejected because of a duplicate Social Security number and/or if instructed to do so by the IRS.


If your organization has avoided scams so far, there are measures to take to prevent future attacks. You can:

  • Consult cybersecurity experts about how to establish a culture of security at your organization.
  • Enact policies and procedures safeguarding the handling of W-2s during tax season.
  • Encourage your employees to be safe online and avoid scam sites fronting as tax return eService sites.


Questions?
For more information about cybersecurity, please contact your Eide Bailly representative or Eide Bailly's Cybersecurity Leader Anders Erickson at 208.383.4731 or aerickson@eidebailly.com.

Latest Insights

July 13, 2018
Article
Here are some idea for giving your new hire a smooth start into your business and alleviating stress for you.
July 13, 2018
Article
The impact of the recent SCOTUS Wayfair decision will continue to have a ripple effect on businesses and state sales tax compliance.
July 9, 2018
Article
The revenue cycle is a complex system and we have historically given much attention to the front-end and back-end while oftentimes leaving the middle functions of the cycle neglected.
July 3, 2018
Article
FASB Accounting Standards Codification Topic 606, Revenue from Contracts with Customers, provides a 5-step framework for determining revenue recognition.
July 2, 2018
Article
As part of the Tax Reform Act of 1986, the “Kiddie tax,” a taxing regime designed to make the transfer of income items by wealthy parents to lower tax paying children less attractive, was implemented.
July 2, 2018
Article
When it comes to your employees, you likely conducted interviews on them when you first hired them.
July 2, 2018
Article
Nearly ten years after the release of the initial exposure draft, FASB issued ASU 2016-02, Leases - The standard may have been issued, but the conversation about this re-write of legacy guidance has not slowed.
June 29, 2018
Article
Banks look at three broad categories when considering small business financing: business cash flow, personal financial strength, and collateral value.
June 28, 2018
Article
You need to be cautious when entering into a bartering relationship and remember to track everything and the key to accounting for bartering is making sure you still record the income earned and expenses incurred.