The Internal Revenue Service (IRS) is warning about an uptick in phishing emails involving payroll direct deposit, wire transfer, and W-2 scams. The emails, which are primarily targeted to businesses, are not limited to a particular industry or employer though the IRS has received reports that tax preparers are among those affected.
Here’s how they typically work. The emails generally impersonate a real company employee, often an executive, and are sent to payroll or human resources (HR) personnel. The email asks the payroll or HR department to change the employee’s deposit for payroll purposes and provides a new bank account and routing number which, of course, leads to a bogus account operated by the scammer. By the time the deception has been discovered, the employee has lost one or two payroll deposits.
In another version, the emails impersonate a company executive and are directed to the company employee responsible for wire transfers. The email requests that a wire transfer is made to a bank account for company purposes, but is actually controlled by the scammer.
In yet another version, the emails impersonate a company executive and request information about forms W-2 from payroll or HR. The emails typically ask for the forms W-2 and earnings summary of all W-2 employees, or an updated list of employees with their personal details including Social Security Number, home address, and salary. The purpose of this scam is to allow thieves to quickly file fraudulent tax returns for refunds.
These scams are sometimes referred to as business email compromise (BEC) or business email spoofing (BES) scams. All businesses should be alert to these BEC/BES scams; they can take other forms, too, including fake invoice payments, title escrow payments, wire transfers or other schemes that result in a quick payoff for the thief. Businesses should consider policy changes to guard against such losses.
If you receive a suspicious email, read it carefully before taking action. A common theme in these and other email scams is that they include grammar and spelling mistakes.
Here’s a look at one of the emails:
Date: 12/10/18 [REMOVED]
Subject: ACH Payment Attention
Please confirm the receipt of my message, Authorized can you handle domestic transfer payment now?
Sent from my iPhone
If you receive one of these emails, here’s what to do:
- Forward non-tax related BEC/BES email scams to the Internal Crime Complaint Center (IC3), which is monitored by the Federal Bureau of Investigation (FBI). You can file a complaint about email scams or other internet-related scams by going to www.ic3.gov.
- If you receive tax-related phishing emails, forward those to firstname.lastname@example.org. IRS cybersecurity professionals monitor this account, and this reporting process also enables the IRS and its Security Summit partners to identify trends and issue warnings.
- If you are an employer impacted by the form W-2 scam, forward the email to email@example.com. There is a process that employers can follow at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. If you are an employer who received a form W-2 scam email but was not impacted (meaning you didn’t click or respond), forward the email to firstname.lastname@example.org.
No matter what kind of bogus email you receive, don’t engage or respond with scammers (spoiler alert: you won’t win).
The IRS and its Security Summit partners, consisting of state revenue departments and tax community partners, are concerned that these scams could increase as the 2019 tax season approaches. Don’t fall for the tricks. Keep your personal information safe by remaining alert. And, when in doubt, assume it’s a scam. For tips on protecting yourself from identity theft-related tax fraud, click here.