Just as tax season gets underway in earnest, the Internal Revenue Service put out a warning about what it called dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns. The IRS noted too that during tax season, it generally sees a surge in scam phone calls that threaten police arrest, deportation, license revocation and other things. The Treasury Inspector General for Tax Administration (TIGTA) reports they have become aware of over 10,000 victims who have collectively paid over $54 million because of phone scams since October 2013.
Phishing scams are not always after money – sometimes, they’re after personally identifiable information. The International Revenue Service has issued a warning, alerting companies that W-2 email phishing scams are on the rise and are targeting businesses, nonprofit organizations and schools.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen in a statement. “Taxpayers should avoid opening surprise emails or clicking on web links claiming to be from the IRS. Don’t be fooled by unexpected emails about big refunds, tax bills or requesting personal information. That’s not how the IRS communicates with taxpayers.”
Organizations receiving a W-2 scam email should forward it to firstname.lastname@example.org and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.
This tax season, employers must be vigilant about protecting their employees’ personally identifiable information.
Here are some best practices employers can follow:
|✓||Do not release W-2 or other personally identifiable information on any employee or group of employees without first validating the legitimacy of the request|
|✓||When validating the request, do not simply reply to the email or accept a phone call at face value. If you reply to the email or call a telephone number in the email, you are likely confirming the request with the impostor!|
|✓||Confirm the request with an in-person conversation or by calling the requestor via a telephone number included within a corporate phone directory.|
|✓||If information is released in error, contact experienced legal counsel and notify your insurance carrier immediately.|