On March 1, 2016 the IRS issued IR-2016-34 (here), alerting “payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.” Recent information indicates that cybercriminals have increased the use of this phishing email in 2017. Identity theft and phishing are both on the 2017 IRS Dirty Dozen List (here).
The email scam uses a corporate officer’s name to request a list of employees and information including social security numbers. The following are some examples of the emails that have been received:
- Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)?
- I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the list and email them to me ASAP.
In one reported instance, the person receiving the information from the company did not like the format the W-2s were in, asked the payroll employee to reformat and resend them, which the employee did.
Once the cybercriminals receive the information they attempt to file fraudulent tax returns for refunds.
According to the IRS, in the first four months of 2016, about 100 organizations reported to the IRS that they had received a W-2 phishing email. Of those 100 organizations, 50 lost data. In the first four months of 2017, approximately 870 organizations reported to the IRS that they received a W-2 phishing email and 200 lost data. Organizations affected by the phishing scam include manufacturers, payroll-service providers, payroll companies, public schools and universities and hospitals. Although 200 organizations does not sound like many, it can translate into hundreds or thousands of taxpayers and millions of dollars of fraudulent refunds.
According to Tamara Powell, acting director of the IRS Return Integrity Compliance Services, the criminals behind identity theft are well funded, technically sophisticated and “they start prepping for [the IRS] filing season before we do.”
The IRS is continuing its efforts to thwart identity theft by increasing funding and manpower dedicated to stop it. However, it is a continuing problem. The IRS has published a guide for any taxpayers that are victims of identity theft (here).
If you have been the victim of identity theft or have any questions related to any other civil tax or criminal tax-related matter, please feel free to contact me at (214) 749-2456 or firstname.lastname@example.org.