Over the last few years, the threat of refund fraud and identity theft has become a very real concern, and criminals have proven that they will go to great lengths to get the information they need to complete their scams. This recent phishing scam is no exception.
Criminals Phish HR, Payroll Departments
The IRS recently alerted payroll and human resources professionals of an “emerging phishing email scheme that purports to be from company executives and requests personal information on employees.” The scam has already claimed several victims.
IRS Commissioner John Koskinen said that this particular tactic appears to be “a new twist on an old scheme.” These cyber criminals are using the cover of tax season to trick people into sharing confidential data.
“If your CEO appears to be emailing you for a list of company employees, check it out before you respond,” said Koskinen. “Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
According to the IRS, a criminal investigation is already in place and several cases in which people have been tricked into sharing social security numbers and other sensitive information with criminals are being reviewed. Officials report that criminals regularly use the stolen personal information to file fraudulent tax returns for refunds.
Remind Employees To Remain Alert
To avoid becoming a victim of this particular scam, encourage your employees to pay close attention to emails that contain the following information:
- The actual name, title and contact information of somebody in the company
o Oftentimes, criminals will use the name of the company’s CEO to enhance the message’s legitimacy.
- A request to provide sensitive information, including:
o The names of employees along with their Social Security Numbers, date of birth, address, and/or salary
o A PDF of an individual’s 2015 W-2 or an earnings summary of all the company’s W-2s.
Other Scams Abound For Businesses, Individuals
Unfortunately, businesses appear to have seen an increase of cyber attacks – especially over the last year. Last June, the Financial Services Information Sharing and Analysis Center, the FBI and the United States Secret Service issued a fraud alert in response to a scam dubbed the “Business Email Compromise,” in which fraudsters compromise “legitimate business email accounts for the purpose of conducting an unauthorized wire transfer.”
Also, in response to a nearly 400 percent increase in phishing and malware incidents so far during this tax season, the IRS also renewed its wider consumer alert for email schemes. These emails are designed by scammers to trick taxpayers into believing they are being sent directly from the IRS, other tax industry professionals and/or software companies.
The best thing to remember when it comes to protecting your business, and yourself, from becoming a victim of fraud is that if something seems a little out of the ordinary, it’s worth checking it out before you act.
By Joseph Popp, JD, LLM (Dublin office)