As the US tax season gets underway, the FBI has issued a warning on increased IRS-related phishing emails.
The alert noted that the IRS’s Online Fraud Detection & Prevention (OFDP) department, which monitors such things, has observed an increase in reports of compromised or spoofed emails requesting W-2 information. A W-2 is the form used to report wages for tax purposes and contains sensitive information, including Social Security numbers.
The most popular gambit remains impersonating an executive, using a compromised or spoofed email account, to obtain W-2 information from an HR professional within the same organization. Individual taxpayers may also be the targeted, the FBI said, but criminals have evolved their tactics to focus on mass data thefts.
It also warned that sometimes these requests were followed by, or combined with, a request for an unauthorized wire transfer.
This scam is just one of several new variations of IRS and tax-related phishing campaigns targeting W-2 information, indicating an increase in the interest of criminals in sensitive tax information.
“If notified quickly after the loss, the IRS may be able to take steps that help protect your employees from tax-related identity theft,” the FBI said. “Any breach of personal information could have an effect on the victim’s tax accounts with the states as well as the IRS.”
To avoid becoming a victim, organizations should limit the number of employees within a business who have the authority to approve and/or conduct wire transfers and handle W-2–related requests or tasks and should use verbal authentication to verify requests for W-2–related information or wire transfer requests that are seemingly coming from executives.