Payroll and Human Resources Departments Beware: An Update on an Identity Theft Scam

By Joel N. Crouch on May 30, 2017

 

On March 1, 2016 the IRS issued IR-2016-34 (here), alerting “payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.” Recent information indicates that cybercriminals have increased the use of this phishing email in 2017. Identity theft and phishing are both on the 2017 IRS Dirty Dozen List (here).  

The email scam uses a corporate officer’s name to request a list of employees and information including social security numbers. The following are some examples of the emails that have been received:

        •     Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our
              company staff for a quick review.
        •     Can you send me the updated list of employees with full details (Name, Social Security
              Number, Date of Birth, Home Address, Salary)?
        •     I want you to send me the list of W-2 copy of employees wage and tax statement for
              2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare
              the list and email them to me ASAP.

In one reported instance, the person receiving the information from the company did not like the format the W-2s were in, asked the payroll employee to reformat and resend them, which the employee did.  

Once the cybercriminals receive the information they attempt to file fraudulent tax returns for refunds.     

According to the IRS, in the first four months of 2016, about 100 organizations reported to the IRS that they had received a W-2 phishing email. Of those 100 organizations, 50 lost data. In the first four months of 2017, approximately 870 organizations reported to the IRS that they received a W-2 phishing email and 200 lost data. Organizations affected by the phishing scam include manufacturers, payroll-service providers, payroll companies, public schools and universities and hospitals. Although 200 organizations does not sound like many, it can translate into hundreds or thousands of taxpayers and millions of dollars of fraudulent refunds.

According to Tamara Powell, acting director of the IRS Return Integrity Compliance Services, the criminals behind identity theft are well funded, technically sophisticated and “they start prepping for [the IRS] filing season before we do.”

The IRS is continuing its efforts to thwart identity theft by increasing funding and manpower dedicated to stop it. However, it is a continuing problem. The IRS has published a guide for any taxpayers that are victims of identity theft (here).

If you have been the victim of identity theft or have any questions related to any other civil tax or criminal tax-related matter, please feel free to contact me at (214) 749-2456 or jcrouch@meadowscollier.com.

     





Disclaimer
The material contained within Meadows Collier Tax Blog - MC Talks Tax and any attached or referenced pages, has been written or gathered by Meadows, Collier, Reed, Cousins, Crouch & Ungerman, L.L.P., for information purposes only. It is not intended to be and is not considered to be legal advice. Transmission is not intended to create and receipt does not establish an attorney-client relationship. Legal advice of any nature should be sought from legal counsel.

© Meadows, Collier, Reed, Cousins, Crouch & Ungerman, L.L.P.901 Main Street, Suite 3700, Dallas Texas 75202phone (214) 744-3700 | toll-free (800) 451-0093 | fax (214) 747-3732Hosted on the FirmWise Platform