CEO Fraud and W2 Phishing

They say that death and taxes are the only guarantees in life, but here at Polston Tax Resolutions and Accounting we think there’s a third: Scammers. Every year, scammers try to cash in on the lucrative business of filing fraudulent tax returns, and this year a particularly dangerous W2 phishing scam has come to light. Scammers have already claimed about 29,000 victims in this tax season alone. But information is power, and in today’s blog we’re gong to take a look at scammer strategies, warning signs, how to take preventative action, and what you should do if you happen to be one of the victims.

Scammer Strategies

The big scam this season is what’s known as a Business E-Mail Compromise (BEC) or Business E-mail Spoofing (BES) scam. A BEC scam is a blend of CEO Fraud and W2 phishing. Cyber criminals are utilizing spoofing techniques to disguise themselves as organization executives, often utilizing the victim’s exact e-mail address. Next, the scammer sends an email as the “executive” to an employee in the organization’s payroll or services department. The message, which is almost always marked urgent, requests a list of all employees and their W2 forms. The employee mistakenly forwards the information, which is then used by scammers to file fraudulent returns (or to sell them).

BEC and BES scams are common, but this year there’s a new twist: If the W2 forms have already been sent, the “executive” will send a follow-up email requesting that a wire transfer be made to a certain account. Some companies have lost both their employee’s personal information, and thousands of dollars as a result of this scam.

Warning Signs and Preventative Action

It’s worth mentioning that if you work in Human Resources, you have to be especially vigilant: you’re a scammer’s primary target. The most dangerous thing about a well-put together spoofing campaign is its apparent legitimacy. Scammers will utilize the actual email address of an executive, and will do everything they can to mirror an organization’s digital fingerprint, including its e-mail header, font choice, and signature blocks. Scammers may even try to imitate the personality of an executive, with information pulled from Social Media.

Despite all of this, there are still a few key things to look for in order to easily spot a scam:

If you ever receive a request for your personal information or the information of other employees, and the message looks legitimate, the first thing you should do is expand the address field. If there’s even the slightest thing off about the sender’s e-mail account or domain name, alert the authorities. Be especially wary of e-mails that claim to come from the IRS. The IRS will never initiate taxpayer communication through e-mail.

Additionally, check emails that both request information and discourage contacting the executive for confirmation. And a quick note for employers: One of the best steps you can take towards cyber safety is to empower your employees to confirm the legitimacy of these requests.

If you can confirm that the message you’ve received is a scam, then forward all information to phishing@irs.gov, and place “W2 Scam” in the subject line.

If You’re a Victim:

If the worst has happened and yourself or someone within your organization has erroneously sent personal information to scammers, there are still steps you can take to ensure the safety of your personal information and tax return.

Contact the IRS immediately. You’re not the first person to go through this, and the IRS has identity theft protocol, available here, for both individual and corporate victims of identity theft.

And you can always reach out to us here at Polston Tax Resolution and Accounting. Be sure to browse our services page and fill out the form for a free and confidential consultation. Or give us a call at 884-841-9857. We’re open from 8am-5pm Central.