Phishing scheme requests Form W-2 and other confidential employee information

By Sally P. Schreiber, J.D.

Payroll and human resources departments should beware of an email phishing scheme in which cybercriminals pose as company executives (including CEOs) and ask for confidential employee information, such as Forms W-2, Wage and Tax Statement, and employees’ Social Security numbers, address, date of birth, and salary, the IRS warned on Tuesday. Once this information has been stolen, it can be used to commit a number of crimes, including filing fraudulent tax returns to obtain refunds.

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” IRS Commissioner John Koskinen said in a prepared statement. The fraudulent emails use what is called “spoofing,” which makes it appear the messages are from company executives, and often contain the name of the company’s CEO. Payroll departments are warned not to respond to these emails without being sure of who they are sending this information to.

The IRS says its Criminal Investigation division is reviewing several cases in which this latest variation on phishing has tricked people into supplying confidential employee information to cybercriminals.

The IRS recently reported detecting a 400% surge in email phishing schemes and malware attacks this tax season. It reminded taxpayers to be vigilant in protecting their personal information. Phishing schemes recently made the IRS’s annual “dirty dozen” list of top tax scams (see prior coverage here).

Sally P. Schreiber (sschreiber@aicpa.org) is a JofA senior editor. 

SPONSORED REPORT

Tax reform changes are now in effect

With all the recent tax law changes, this year it’s more important than ever to make sure your clients’ tax situations are squared away before year end. This report provides necessary guidance to ensure 2019 starts without a hitch.

PODCAST

Using drones to enhance audits

Hermann Sidhu, CPA, global assurance digital leader at EY, walks us through EY’s exciting new project to use drones to help audit large warehouses and outdoor inventories.