W-2 Phishing Scams Threaten Tax Refunds and Financial Security
As we approach the final weeks before the April 17, 2018 tax filing deadline (the traditional deadline, April 15, falls on a Sunday this year and April 16 is Emancipation Day, a legal holiday in the District of Columbia), taxpayers need to remain vigilant. Criminals will take every opportunity to commit fraud and tax scams using stolen data or information leaked in one of many data breaches. In some cases, waiting until the last minute can make you more vulnerable.
Tax fraud and tax scams
Nuvision previously wrote about how tax scams can target individual tax filers. But other attempts at fraud target employers and tax preparers in what’s known as W-2 spear phishing attacks – and the IRS warns that such fraud is on the rise. In fact, the IRS said that W-2 scams represent, “one of the most dangerous phishing emails in the tax community.”
W-2 spear phishing involves attempts by criminals to send a bogus email that appears to come from a company executive. Accounting Today says that “Cybercriminals pinpoint chief operating officer [sic], school executives or others in authority.” The fraudulent email will be sent to employees in human resources or payroll departments and will include a request to provide IRS form W-2 information. Because the email appears to be legitimate, employees can be fooled into sending the requested information, which is then used to commit tax-related identity theft.
It’s happening all over the country. In a recent example, the Los Angeles Philharmonic was victimized by a W-2 spear phishing scam. The cybercriminals obtained the W-2 information for everyone who worked for the organization in 2017. In another Southern California case, a man from Canoga Park was sentenced last week to 52 months in federal prison for tax-related wire fraud and identity theft. The man filed more than 340 false tax returns on behalf of unsuspecting victims and collected more than $740,00 in bogus tax refunds from the federal and California state governments.
Credit Union Times reported that W-2 scams will get worse and more frequent for three reasons:
- Criminals have had success in the recent past, which encourages them to try more;
- It requires minimal investment of time and money to commit W-2 spear phishing scams; and
- Targeting large organizations, such as government, public schools and universities, can yield information on hundreds, if not thousands, of potential victims.
In a separate article, Credit Union Times reported that “W-2 phishing emails increased 870 percent from 2016 to 2017.” By comparison, a survey by IdentityForce, which provides identity theft protection software to consumers, businesses, organizations and government agencies, found only a 30 percent increase from 2016 to 2017 in individuals who reported identity theft due to tax fraud.
Protect yourself from tax-related identity theft
A blog post by the online password protection service, LastPass, recently offered six ways to protect yourself this tax season. The tips included:
- Learn how to identify common signs of illegitimate emails and how to avoid phishing scams.
- Avoid vishing, the phone call version of email phishing. The IRS says it, “doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.”
- Be judicious in your use of public Wi-Fi network, and do not use it while doing your taxes or accessing any sensitive financial data or personal information.
- Create strong, unique passwords for every online account.
- Look at your credit card and bank statements. They track and record every transaction and payment. Read them. You can access your Nuvision online statements here.
- Buy an inexpensive paper shredder and use it for credit card statements, bank statements, and any other documents that contain personal or financial information.
What you should do if you become a victim of tax-related identity theft
The IRS says that if you suspect you are a victim of identity theft, you must still pay your taxes and file your tax return, even if you must do so by paper. In addition:
- File a complaint with the FTC at www.identitytheft.gov.
- Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:
- Contact your financial institutions and close any financial or credit accounts opened without your permission or tampered with by identity thieves.
For Nuvision members, you can reach us at 800-444-6327 or on our feedback page.
The Identity Theft Resource Center® also has a list of resources, including identity theft fact sheets, solutions, and letter forms, available on its website. The Federal Trade Commission also has consumer information at https://www.consumer.ftc.gov/articles/0008-tax-related-identity-theft.
To stay on top of Nuvision alerts and information related to the risks of fraud and identity theft, financial and data protection, and cybersecurity, check our Fraud Protection blog or follow Nuvision on Facebook and Twitter to receive updates when new articles are published.