Saturday, August 6, 2016

IRS Alerts Payroll and HR Professionals to 'Phishing' Scheme Involving W-2s

Make sure your CPA and HR Team are aware of this as these Scams Target Taxpayers' Personal Information

The Internal Revenue Service (IRS) has issued an alert to payroll and human resources professionals to beware of a "phishing" email scheme that purports to be from company executives and requests personal information on employees.  This is not just limoted to large busineeses.  This could happen to anyone in Tennessee or Virginia.... from Mountain City to Memphis and from Bristol to Norfolk.

Background
The IRS has learned that this scheme—part of the surge in phishing emails seen this year—has claimed victims as payroll and human resources offices mistakenly email payroll data, including Forms W-2, that contains Social Security numbers (SSNs) and other personally identifiable information to cybercriminals posing as company executives.

IRS Criminal Investigation is reviewing cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data.

What is a Phishing Scheme?
This phishing variation is known as a "spoofing" email. It will contain, for example, the actual name of the company chief executive officer (CEO). In this variation, the "CEO" sends an email to a company payroll office employee and requests a list of employees and information, including SSNs.

The following are some of the details contained in the emails:

"Kindly send me the individual 2015 W-2s (PDF) and earnings summary of all W-2 of our company staff for a quick review.
Can you send me the updated list of employees, with full details (names, SSNs, dates of birth, home addresses, and salaries)?"

Or

"I want you to send me the lists of W-2 copies of employees' wage and tax statements for 2015. I need them in PDF file type—you can send them as attachments. Kindly prepare the lists and email them to me ASAP."

Additional Information
The IRS, state tax agencies, and the tax industry are engaged in a public awareness campaign to encourage businesses to do more to protect personal, financial, and tax data. IRS Publication 4524 features additional steps you can take to protect your business or just call our Johnson City office at 423.292.4142 or send us an remail requesting more information.

Andrew Darlington CRM, CIC, CBIA, AAI
423.292.4142

#irs
#scam
#phishing
#veritasrm.com
#veritas
#veritasinsurance

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)