It’s the start of another year, a time to reflect on the past, make resolutions for the future—and get ready for the annual onslaught of tax scam e-mails and phone calls trying to persuade you to part with your money or valuable information. It happens every year in the weeks and months leading up to the April 15 IRS filing deadline.
The fraudsters running these scams are getting smarter, their fake communications are getting harder to spot, and they’re strategically choosing victims to inflict maximum damage. The opportunity for tax refund fraud, and the potential payoff, is growing. After all, why call one consumer in hopes of getting their tax information when you can email one HR employee in hopes of getting the entire company’s W-2s?
Three Ways Phishing and Phone Tax Scams Can Hook You
If you think you’re too well informed to fall for a fake email or call, think again. Tax scam fraudsters know what sets off alarm bells in your head—a call on your home phone claiming to be from the IRS, for example, or an email asking you to pay back taxes. So they’ve graduated to more sophisticated schemes, including a variation on phishing known as business email compromise or business email spoofing.
The latest scams described in a recent IRS alert seem to rely on three key ways to get recipients to let down their guard.
- They focus on employees instead of consumers, targeting people in their roles at work, especially HR- or Finance-related roles.
- Their communications purport to be coming from a boss or co-worker, or from a trusted company partner like the payroll services provider, rather than from the IRS.
- The scammers often request information instead of money—typically employee data such as copies of W-2 forms.
Unless you’ve been living under a rock, you’ve probably already gotten the memo that the IRS doesn’t make phone calls or send emails threatening legal action over supposed back taxes. While you likely wouldn’t fall for a call or email claiming to be from someone with the IRS saying you owe money, you just might take the bait from someone claiming to be with your company’s payroll provider and asking you for W-2 information. That’s what the fraudsters are counting on.
What to Do: Rethink, Relay, Report
Decrease your chances of falling victim to the latest tax scams by taking these steps:
- Rethink what you view as a threat. Depending on your role within your organization, you could be considered a prime target for a fraudster. For example, if you are in HR or Finance, don’t just automatically think, “Payroll is asking for W-2s,” and send the information right along. Instead, let any request for sensitive information set off alarms. Take the time to confirm it’s really Payroll asking. Same goes for contacts from co-workers or your boss. Send a new email (not just a reply to the suspicious one) that says “Did you just ask me for this?” It takes only a few seconds and may save your company and employees a lot of grief.
- Relay information to others, reminding those you work with or manage that they need to be on the alert for scams and directing them to the latest helpful information from the IRS or the “Dirty Dozen” tax scams to watch for. Scams are constantly evolving and changing in response to increased awareness, and being alert to new lines of attack is one of the best defenses anyone can have.
- Report attempts to scam you, whether successful or not. First, be sure to report any suspicious emails or attempted scams to your IT or Corporate Security department. If you’ve actually been scammed out of sensitive data or money, email email@example.com to report it; check out the specifics of what to include in your report first. If you received a scam email, but didn’t take the bait, copy the email headers and send them to firstname.lastname@example.org, with “W2 Scam” in the subject line. To fight these kinds of nefarious activities successfully, the IRS needs as much data as it can get.
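For IT or Corporate Security teams triaging reported messages, the traits described above (a request for W-2 data that appears to come from a boss or payroll provider) can be turned into a simple header check. This is an added example, not code from the article or the IRS; the domain list, keyword list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; substitute your own.
KNOWN_DOMAINS = {"example.com", "payroll.example"}  # own domain + payroll provider
SENSITIVE_TERMS = ("w-2", "w2", "wage and tax statement")

def domain(header_value):
    """Lower-cased domain of an address header, or '' if absent or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw_message):
    """Return reasons a message needs out-of-band confirmation ([] if none)."""
    msg = message_from_string(raw_message)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg['Subject'] or ''} {body}".lower()
    if not any(term in text for term in SENSITIVE_TERMS):
        return []
    # Any request for W-2 data gets confirmed in a new message,
    # even when the headers look clean.
    reasons = ["requests W-2 data"]
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if from_dom not in KNOWN_DOMAINS:
        reasons.append(f"From domain '{from_dom}' is not a known domain")
    if reply_dom and reply_dom != from_dom:
        # A reply would go somewhere other than the apparent sender.
        reasons.append(f"Reply-To domain '{reply_dom}' differs from From domain")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED_BOSS = """From: "Pat Lee (CEO)" <pat.lee@example.com>
Reply-To: pat.lee@mail-example.test
Subject: Urgent: employee W-2 copies

Please send me PDF copies of all 2017 W-2 forms today.
"""
LOOKALIKE_PAYROLL = """From: Payroll Services <forms@payrol1.test>
Subject: Year-end verification

We need each employee's wage and tax statement to finish processing.
"""
CLEAN_REQUEST = """From: hr@example.com
Subject: W-2 question

Can you resend the W-2 batch?
"""
BENIGN = "From: sam@example.com\nSubject: Lunch on Friday?\n\nNoon works.\n"
```

A message that passes the header checks still returns one reason, because a forged From line on its own looks identical to a genuine one; the confirmation step in a fresh email remains the control.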
You Can Never Be Too Careful
As long as fraudsters have something to gain from tax-related scams, they’re going to keep coming up with variations on the theme to keep people off guard and at risk. Staying safe means staying informed, so make it a point to watch for news about the latest schemes and be prepared to protect yourself. It’s 2018: be careful out there in your inbox.
Author: Heidi Bleau