With more of our lives spent online, interent fraud has certainly become prevelant. The IRS alone has already reported a 400% jump in tax phishing scams compared to this time last year. In case you are wondering, phishing is an attempt by cyber criminals to obtain sensitive information, such as passwords, usernames, social security records and credit card details by posing as a real company or person and it is usually done through the means of email. In other words, online criminals find clever ways to ‘bait’ individuals and companies into handing over personal information. The IRS has posted a number of warnings within the past two years regarding tax phishing scams and such schemes are likely to remain a threat well into the future.
What is the Tax Phishing Scam to look out for in 2016?
Up until a year or so ago, tax phishing schemes usually preyed on individuals. What usually happens is a fraudalent company pretending to be the IRS, lures an unsuspecting individual into providing personal information. That personal information is then used to file a tax return in that person’s name. The numbers in the tax return are greatly exaggarated to increase the amount of the return, which ultimately gets deposited into the bank account of the online perpetrator. However, the IRS has sent out new warnings claiming that many tax phishing schemes are now aimed at the payroll departments of companies. What exactly is this scam and what should business personal be aware of?
Human resource and payroll offices are duped into emailing w2 forms containing social security numbers and other sensetive payroll data to cyber criminals posing as the executive of the company. The IRS has made public that several companies have already been tricked this year when the payroll departement received an email from the company “CEO” or “executive” asking for a list of employee names and their information. Of course, many human resource and payroll personal offer up this information without questioning the source simply because it’s hard to question the boss or CEO. However, the IRS is asking every company out there to be extra cautious and provide fair warning to payroll and human resources staff about this phishing scam.
Below is some of the actual language reported by the IRS that is being used for this particular scheme, which is known as a “spoofing’ email. A typical email such as this will contain the actul name of the company CEO or high-level executive asking for the information of the company employees. Several emails have been reported to contain the following:
- Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all w-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address and salary.
- I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
What in general should you look out for and do in the case that you are solicited by a tax phishing scheme?
If you receive an email that claims to be from the IRS and ask for personal information in relation to a large inheritence or lottery, do not respond or open any attachments. Forward such email to firstname.lastname@example.org and then delete the original email. Remember that the IRS does not send emails to individuals or companies. Although the email may look authentic, you can be sure that it is fraudalent.
You may also receive a phone call from someone claiming to be a representative of the IRS, you have two options. First, you can hang up, which is the probably the best thing to do since the IRS rarely if never calls individuals. If you feel that it is a real call, but want to verify, ask for the employee’s name, badge number and call 1-800-366-4484 to confirm. However, keep in mind that prepertrators that make phone calls claiming to bet the IRS can be quite agressive and convincing. They are alos known to make threats, ultimately coercing individuals into providing personal information.
If you receive a letter or fax from the IRS, just don’t assume that it is actually from the IRS! Yes, the IRS perfers to contact indiviudals and businesses via postal mail. However, this is another way in which criminals have been know to dupe unsuspecting individuals into forking over their personal information. Also keep in mind that many fraudters are skilled at manipulating letters to the point that they look legite and authentic. Although you may be busy with work or personal life, do take the time to verify that it is a real letter and not a fake. The best thing to do is to go to the IRS home page and verify the document is legit through the form number on the letter. You can also call 1-800-829-1040 to confirm that the letter is real.
As mentioned before, tax phishing scams are becoming the norm. However, as long as you are cautious and dilligent, you won’t have to worry about anything. Whether you are an individual or a company, being on the outlook for phishing schemes is a necessity and something that cannot simply be disregarded in today’s complex world. Hopefully, the tips provided in this article will help you or your company make the right decisions and keep your personal information secure.
If you found this informative, share it with your friends! Click on the icon to the left.