The Federal Bureau of Investigation (FBI) warned businesses, educational institutions and healthcare organizations regarding the significant increase in phishing attacks on payroll employees. The phishing attacks aim to copy the W-2 forms of employees and the hackers use the copied data for tax fraud and identity theft. There were also some cases reported that payroll employees emailed the information on the W-2 forms of thousands of employees to scammers. The Internal Revenue Service (IRS) statistics last year show that about 200 businesses had been targeted by these phishing attacks and there are over 900 complaints of tax-related scams received.
The IRS’ Online Fraud Detection & Prevention division has been assigned to monitor phishing scams that impersonate the IRS. They had recorded a sharp rise in these types of email scams, which target more businesses than consumers. If consumers are targeted, the email scams are IRS-themed. If businesses are targeted, the email scammers impersonate the company executives. They do a research of the companies to get the names of the CEO and executives, the format of emails and the names of specific payroll accounts department employees to target. Then, they request copies of W-2 forms of the employees that worked during the last fiscal year. Sometimes, the scammers use spoofed email addresses. But if they can hack and use the email accounts of executives, their requests would look more legitimate.
Some scammers go a step further after obtaining the requested W-2 forms. They also request a wire transfer. Many organizations fall for these scams without realizing it for days, weeks and even months. This means that the email scammers are so good at convincing their victims making it difficult to detect their illegal actions.
The FBI recommends several basic security practices that would help minimize the risk of being scammed:
- Authenticate all requests for copies of W-2 Form and tax-related information.
- Select only a few employees who can access employee tax information and make authorized wire transfers.
- Delay transactions for the purpose of additional verification steps.
- Procedures that involve changing bank account information of suppliers need verification by phone with the telephone number taken from an official contact list.
- Set a threshold on wire transfers. Any amount that goes over the set threshold will have more rigorous security checks.
- Double check wire transfers to new trading partners and non-standard transactions especially transfers to overseas accounts.