Scammers Work Harder During Tax Season
It’s that time of year again. New Year resolutions? Bad weather? Taxes? While all of these are true, we are talking about something with a bit more severity – scam season.
Yes, this is the time of year when fraudsters deploy new ways to try and steal the identities of honest, hard-working men and women. They are working overtime to cheat people out of their tax refunds and pilfer money from employers. While new hoaxes are always in the news, the onset of tax season is when we really see a bump in activity. The best thing you can do is be informed and diligent.
While some of these have been going around for a while, there are always new twists and methods to be aware of. Here is your list of the latest cons:
W-2 scams usually target payroll employees via emails that appear to be from a company or HR executive. The message usually starts with a friendly greeting but then morph into a phishing scam looking for Form W-2 information – and it is normally of an urgent nature.
If these requests are fulfilled, all of that employee’s data falls into the wrong hands and it can take weeks until someone realizes the data theft occurred.
No one is exempt from this.
This particular scam has hit every industry out there, from nonprofits, schools and government agencies to hospitals, companies and payroll providers.
W-2s are the forms you include when you file your taxes that have information such as your name, address, Social Security number, income and tax withholdings. That is just about everything a scam artist needs to commit tax-related identity theft, which is when someone uses your stolen Social Security number to file a fraudulent tax return to get a refund. It’s the same information that can be used to open a new credit card or take out a loan in your name.
Also, an important reminder and best practice, is to encourage you to file your return as soon as possible to reduce the risk of someone filing a fake return in your name.
Direct deposit scam
This con involves emails that impersonate an executive and are sent to payroll or HR. The email asks the payroll or HR staff to change their direct deposit account information. The thief then gives the payroll employee their bank account and routing number.
Wire transfer scam
Again, these emails impersonate an executive in the company and are sent to the controller or someone responsible for wire transfers. The email requests a wire transfer made to a specific account controlled by the thief. And again, these are usually of an urgent nature.
Listen to episode 124, “Don’t Open That Email,” on our award-winning podcast, unsuitable on Rea Radio, featuring Mike Moran, president of Affiliated Resource Group.
Help Protect Your Company And Employees
Minimize the chances of becoming a victim by having a sound company policy, complete with training. The individual efforts of staffers also play a role. Here are some ways to help protect your company against W-2 spoofs.
- Raise awareness: Remind staff that this is prime season for W-2 phishing scams. Ensure all employees — especially those with access to tax information — know what to do.
- Have a company policy: This should include the type of information that can be sent by email as well as rules regarding sensitive financial information and steps to take when something happens.
- Stay vigilant: If you receive an email asking for sensitive information, do not comply. Such requests might include not only tax information or payroll records, but also account numbers or passwords.
- Verify the sender: If you receive a request from a company executive, contact the sender by phone to help make sure the request is legitimate. Be careful about sending the information, even if the executive says it’s OK.
- Provide training for staff: Employees should know what to look for and what to do should something happen.
Employees should let their IT department and company executives know of any wrong-doing. Individuals should visit the IRS web site for steps to take if they are victim of a data breach. The following are a few ways for businesses to then report these scams.
- Notify the IRS of any data loss at email@example.com. Be sure to provide contact information such as business name, EIN, phone number, a summary of the loss and number of employees impacted. You need to type “W2 Data Loss” in the subject line. Do not attach any employee information.
- Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.
- Contact the FBI’s Internet Crime Complaint Center. You may be asked to also file a report with your local law enforcement agency.
- Contact employees so they can take steps to protect themselves from identity theft. The Federal Trade Commission’s www.identitytheft.gov provides guidance on general steps.
- Forward any scam emails to firstname.lastname@example.org.
Remember, the IRS will not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Any contact from the IRS will is usually in response to a contact initiated by you. On occasion, the IRS employees may first call or visit with a taxpayer. In some instances, advance notice is provided in writing via a letter or notice delivered by the U.S. Postal Service.
The IRS does not threaten to come to your house and arrest you, nor does the IRS demand gift cards or money transfers.
Furthermore, do not visit links or other sites pretending to be the IRS. Its website is www.irs.gov. Be sure to check all links and URLs before ever clicking on them.
CPAs are at risk as well. There are special scams that target the industry. In fact, our firm has already had a few attempts by scammers to gain access to vital information this year. But we are actively taking steps to protect our firm and our clients information from being infiltrated by fraudsters. If you need any help determining your next steps or need help as a victim, we are here to help.
By: Dee Gray, CPP (New Philadelphia)