Fresno, California – Datatech stays on top of issues impacting our clients and a Form W-2 email phishing scam warning is being issued by the Internal Revenue Service, state tax agencies and the tax industry in general.
Businesses are being victimized where their sensitive employee data is given out to cybercriminals and identities of employees are being stolen. Payroll personnel are being urged to be educated about this scam and companies are being asked to limit who has access to this sensitive employee data.
The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community and has victimized hundreds of organizations and hundreds of thousands of employees last year. The phishing email tricks payroll personnel or anyone with access to payroll information into disclosing sensitive information on entire workforces. No business is immune, the scam has impacted small and large employers, public schools and universities, hospitals, tribal governments and charities. The Ag community should not feel that this cannot happen to its employers and employees.
Here’s how the scam works: thieves do their homework and learn who the CEO’s or executives of the company are. A technique known as ‘business email compromise’ or ‘business email spoofing’ is used by thieves to pose as company leaders and send an email requesting Forms W-2 for all employees to that company’s payroll personnel. The email may begin with a simple, “Hi, you working today?”, and then asks for W-2 information. Once they get the data, thieves file fake tax returns or sell the data on the Dark Web. In some reported cases, according the IRS, the fraudster followed the initial W-2 request with a request for a cash wire transfer.
The IRS says, “Reports to firstname.lastname@example.org from victims and nonvictims about this scam jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.”
The agency is hoping to minimize the scam’s impact in 2018. There are steps the IRS can take to protect employees, but only if they’re notified immediately about any theft that has occurred. The agency has provided some guidelines to help protect employers from becoming victimized, they’ve issued a notification that you can view here.
Datatech serves Ag clients across America and continually works hard to help clients have options to keep their employee data secure. Ask us about Document Management Pro which keeps sensitive employee documents digitally secure in the employee file in Datatech software. The H-256 encryption system used by Datatech is the most secure data encryption system available. Datatech IT Solutions provides managed services including dashboard remote monitoring and secure 24 hour backup.