Tax season kicks off with W-2 phishing and wire transfer scams

These days, most of us are probably aware of CEO fraud, where cybercriminals impersonate high-level executives and trick employees into wiring company funds to an external account. And you may remember hearing about W-2 phishing during last year’s tax season, where scammers impersonated CEOs to extract employee tax forms from unsuspecting finance employees.

A W-2 Wage and Tax StatementRecently we’ve been seeing these two scams combined into a one-two punch. The IRS has released a security alert warning that scammers have started W-2 phishing much earlier than normal this year. Scammers have already extracted W-2 data from a number of U.S. companies, which have subsequently been used to file fraudulent tax returns. What’s worse is that these scammers are following up on their W-2 scam emails with a second set of phishing attacks, where they send a spoofed “executive” email to someone in the finance department demanding an urgent wire transfer.

“This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said. “Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.” A recent Federal Trade Commission report indicated that tax fraud contributed to a 50% increase in identity theft in 2015, and we think the upward trend will likely continue.

What should you do about this?

Most importantly, we suggest you send this email to anyone you feel may be at risk, whether employees, friends, or family. Feel free to modify the email to fit your needs:

[ALERT] Cybercriminals are starting their tax scams early this season! They are now combining two scams into a strong one-two punch. First, they ask you to send them the W-2 forms for all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cybercriminals.

Remember: requests like this should raise a red flag. You should verify that the request is legitimate by calling the sender directly or, better yet, talking to them in person. These scam emails are often pushy and urgent, but don’t be afraid to spend five minutes verifying them, even if it’s the CEO making the request!

To learn more about how to spot phishing attacks, check out this helpful video. Cybercriminals are out in force this tax season, so make sure you stay alert and think before you click!

After educating your team, make sure you report any suspicious emails. According to the IRS, organizations receiving a W-2 phishing email should immediately forward it to phishing@irs.gov with “W2 Scam” as the subject line. Anyone receiving phishing scams or falling victim to one should also file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

If you think your W-2 form has been stolen: you should review the Federal Trade Commission’s recommendations at www.identitytheft.gov or the IRS’s steps at www.irs.gov/identitytheft. If your tax return was rejected because of a duplicate (likely stolen) Social Security number, you should immediately file a Form 14039 Identity Theft Affidavit with the IRS.

Finally, we suggest filing your taxes as soon as you can this year—a fraudulent tax return will be rejected if you beat the cybercriminals to the punch.

If you’re not sure whether your company is protected from the latest cybersecurity threats, we’d love to help you assess your vulnerabilities and then work with you to take action. Click here to make an appointment to discuss your security assessment. And don’t forget to stay safe out there!