As tax season winds on, the W-2 form scam has emerged as one of the most dangerous and common phishing email schemes during this time of year.
W-2s are information-rich documents containing an employee’s name, Social Security number, address, salary, and other personal information. Each year, cyber criminals target these documents in order to sell the sensitive information contained therein and to submit fraudulent tax returns in hopes of defrauding the IRS.
During the 2018 tax season, cyber criminals exposed upwards of 1.4 billion records. In the past few years, the IRS has confirmed that 3 million tax returns were fraudulently filed in the amount of $20 billion. Although the IRS identified and eliminated most of the fraudulent returns, cyber criminals still obtained upwards of $1.6 billion in 2017.
There are many methods by which cyber criminals attempt to obtain W-2 information. The most common, however, is a phishing scheme targeting a company’s human resources or payroll department. Most often, cyber criminals “spoof” the CEO’s email address and request a copy of all employee W-2s via email. Spoofing is the forgery of an email header so that the email appears to have actually originated from the CEO. Closer inspection of the actual email address, however, shows it to be fraudulent.
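The "closer inspection" described above can be automated at the mail gateway or in a triage script. The following Python sketch is an added example, not part of the original article; the company domain, executive name, and sample messages are constructed assumptions, and the Reply-To check goes slightly beyond the display-name case the text describes.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"   # assumption: the employer's real mail domain
EXECUTIVES = {"jane doe"}        # assumption: display names an attacker would imitate
W2_REQUEST = re.compile(r"\bw-?2s?\b", re.IGNORECASE)

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def w2_spoof_findings(raw_message):
    """Return the reasons a message looks like a spoofed W-2 request."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    findings = []
    # Display name says "CEO", but the actual address is outside the company.
    if display.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        findings.append("executive name on external address")
    # Forged From header: replies are steered to a different domain.
    if reply_domain and reply_domain != from_domain:
        findings.append("Reply-To domain differs from From")
    body = "" if msg.is_multipart() else msg.get_payload()
    if W2_REQUEST.search(f"{msg.get('Subject', '')}\n{body}"):
        findings.append("asks for W-2 data")
    return findings

# Constructed sample messages (not real traffic).
LOOKALIKE = """\
From: "Jane Doe" <jane.doe@examp1e-mail.test>
Subject: Employee W-2 copies

Please send me PDF copies of all employee W2s today.
"""
FORGED_FROM = """\
From: "Jane Doe" <jane.doe@example.com>
Reply-To: jane.doe@mailbox.test
Subject: Need W-2 forms

Reply with the 2018 W-2 file.
"""

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("forged From", FORGED_FROM)):
        print(name, "->", w2_spoof_findings(raw))
```

A message that produces any finding together with "asks for W-2 data" is a candidate for quarantine or out-of-band confirmation with the executive before payroll replies.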
Employers’ first line of defense is to educate employees who have access to this data that they are a target of these phishing schemes. Increased skepticism and avoidance of these ploys can save employers substantial time and money. Thwarting these phishing schemes will also save your employees the headache of having their returns rejected. A rejected return would require employees to file by paper and, in certain circumstances, to verify their identity in person at a local IRS location.
If an employee does fall for a W-2 scheme, employers shouldn’t panic. The incident response team at Ballard Spahr is extremely well versed in W-2 schemes and can assist you in mitigating the incident in a timely manner. Ballard Spahr’s incident response team provides 24/7 incident response services and can be contacted at 1-800-864-8266.