IRS Warning on W-2 Scams

By: Drew M. Smith

It is that time of year. Many people are gathering their W-2 forms, attempting to do their taxes accurately, and aiming to get the maximum amount of refunds that is warranted to them. However, the IRS has warned against hackers that seem to pop up this time of year. Hackers are trolling the internet and duping people into sharing payroll and tax information with who they think is their boss, coworker or accountant. Hackers are able to do this through the act of phishing.

The method they use is similar in almost all cases. A false e-mail is generated and sent to an employee asking for payroll or tax information. The email looks valid as it would come from a familiar source, possibly their CEO, another officer or their accountant. The unwary victim clicks on it and seeing it comes from a known source at the top sends the requested records. When employees go to file their taxes later, they find their tax returns were already filed and their refund was stolen. A recent IRS post stated.

  1. As of February 5th 2017, there have already been attacks involving 29 thousand victims, all of which involved W-2’s.
  2. The victims include, among others, 10 school systems, a restaurant in Indianapolis and several companies that deal with financial and medical data.

In 2016, the scammers were just targeting the W-2’s. This year, hackers have stepped up their game and demanded wire transfers from the unsuspecting victims.1

One example comes from a company that had long lasting consequences. An employee received an email from their CFO. They asked the victim to send the W-2’s so he could file the tax returns. The employee complied and sent approximately 200 of the company’s W-2’s to the fake address and went about their business. It was only when the employees filed their own taxes did it become apparent what happened. Scammers had filed fraudulent tax returns in their names.

This led to employees being unable to get their proper refunds and had to wait up to 18 months for their refund. When it was brought up to the IRS, they locked their accounts down and launched an investigation. When it was settled, the victims unfortunately received more bad news. The IRS had to deny their ability to electronically do their returns for the foreseeable future, forcing them to file manually for the next several years.

With the rise of hackers and the inevitable chaos of the tax season, it can be quite easy to make a mistake. To keep ahead of them, do not open any unknown emails. In addition, all files related to taxes should not be sent via a public e-mail. You also need to verbally confirm all details related to these requests as they would not normally be sent to employees. Save yourself the headache, don’t fall for these hacks.

1http://www.csoonline.com/article/3165418/security/29000-taxpayers-affected-by-w-2-scams-irs-issues-new-warning.html

Uncategorized, Risk Management, Insurance Articles, Professional Liability