IRS Continues to issue Warnings about Phishing Scams 2017

The Internal Revenue Service has continued to issue warnings about a prevalent phishing scam that has been circulating this tax season. The attack comes in the form of an email requesting W-2 forms or other tax information, seemingly from a valid employer or employee email address.

This same attack was used around this time last year, and now attackers are coupling it with another attack, one that requests banking information for a wire transfer – again, seemingly from an employee or employer.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen.

The attack is what is known formally as a BEC (business email compromise) or BES (business email spoofing) attack, and it typically aims to gain access to tax or banking information for small-medium businesses through natural human error in their employees. Any business using email or online resources for their employees should provide extensive security training, which will drastically decrease the likelihood of being compromised.

A Closer Look at the Attacks

The W-2 scam is not new, appearing last year. Cyber-criminals tricked payroll and human resource officials into disclosing employee names, Social Security numbers and income information. The attackers then attempted to file fraudulent tax returns to steal tax refunds.

The spoofed emails will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office or human resource employee and requests a list of employees and information including Social Security numbers.

The following are some of the details that may be contained in the emails:

  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)?
  • I want you to send me the list of W-2 copy of employee’s wages and tax statements for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

New Attack: The Money Wire Request

In the latest addition to the W-2 scam, the cyber-criminal follows up with an “executive” email to the payroll or HR staff and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.

While the money wire request is not a new attack, seeing it coupled with the W-2 attack is what makes it even more important that both employers and employees remain vigilant. The wire request may not come for weeks or even months after the W-2 attack.

What You can Do

As mentioned above, the single most important thing you can do if you’re an employer is ensure that all your employees have adequate online security training. In addition, if you work with any databases or online interactions whatsoever within your company, you need to ensure that your building and network are both physically and digitally secure.

If you aren’t an employer, you should at least read our 10 tips on making the internet a safer place!



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s