Insights: Article

Dangerous W-2 Phishing Scam Evolving: Targets Include Hospitals

By Anders Erickson

January 02, 2017

A dangerous email phishing scam could affect your hospital.

Cyber criminals are using spoofing techniques to disguise an email, making it appear like it's coming from an executive within the organization so that the recipient (usually in the payroll or HR department) feels compelled to respond. The cyber criminal asks for a list of employees and their W-2s. They intend to use this information to fake a tax return and fraudulently collect an employee's refund before the employee files themselves. Cyber criminals may also be asking to wire money, and continue to evolve their scams.

The IRS issued an alert in February to all employers to beware of the emerging phishing email scheme. It's spreading to many industries, including health care, school districts, tribal casinos, chain restaurants, temporary staffing agencies, and shipping and freight.

If you believe that your organization has been a victim of these types of scams, you can:

  • Report the W-2 thefts to the IRS immediately so that they can begin to help protect the employees from tax-related identity theft. Forward to phishing@irs.gov and place "W2 Scam" in the subject line.
  • File a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.


If you are an employee whose W-2 has been stolen:

  • You should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft.
  • File a Form 14039, Identity Theft Affidavit, if your tax return gets rejected because of a duplicate Social Security number and/or if instructed to do so by the IRS.


If your organization has avoided scams so far, there are measures to take to prevent future attacks. You can:

  • Consult cybersecurity experts about how to establish a culture of security at your organization.
  • Enact policies and procedures safeguarding the handling of W-2s during tax season.
  • Encourage your employees to be safe online and avoid scam sites fronting as tax return eService sites.


Questions?
For more information about cybersecurity, please contact your Eide Bailly representative or Eide Bailly's Cybersecurity Leader Anders Erickson at 208.383.4731 or aerickson@eidebailly.com.

Latest Insights

January 15, 2019
Article
The back and forth on tariffs is wreaking havoc for many businesses. Here’s what you can do to help ease the pain.
January 15, 2019
Article
If you are a farmer who sold to a cooperative in 2018, you will need to provide additional information if you’re looking to take advantage of deductions this tax season.
January 14, 2019
Article
A proposed Accounting Standards Update may make some simplifying accounting alternatives available to nonprofits.
January 11, 2019
Article
Equity and commodity markets experience major losses, the Fed sends a hawkish message, home sales improve, and the economy maintains its momentum.
January 11, 2019
Article
Many financial institutions are starting the process for implementing the Current Expected Credit Loss model (CECL). Here are some helpful tips to consider as you begin your implementation.
January 11, 2019
Article
Is a social media account, such as LinkedIn, a personal account? Does your financial institution’s Acceptable Use policy address the use of social media for work-related business?