Tax Season and Fraudulent Cyber Activity
While many companies have become familiar with fraud attempts aimed at convincing employees to wire funds to criminals’ bank accounts, few are familiar with W-2 phishing scams.
Like fraudulent wire transfers, criminals typically impersonate an employee in the C-suite and ask for copies of all employees’ W-2s. These W-2s are then used to file fraudulent tax returns in hopes of intercepting tax refunds.
According to IRS Commissioner John Koskinen, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.’’
The W-2 phishing scam is occurring earlier in the tax season and to a broader scope of organizations. As far as action an employer should take, it is recommended to send a W-2 scam email to firstname.lastname@example.org and place “W2 Scam” in the subject line.
To view the official statement from the IRS, you can click here.
These risks are easily insured against with Cyber Liability Insurance policies. For a consultation or assistance with any cyber inquiries, please contact Dave Wasson, VP, Hays Cyber Liability Practice Leader, or Scott Stence, AVP Executive Risk to learn more about our risk management techniques to avoid these scams.