Dangerous W-2 Phishing Scam Evolving, Targets Include Nonprofits

By: Anders Erickson, CISA, CISSP, CRISC

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,” said IRS Commissioner John Koskinen, referring to the phishing scam resulting in theft of W-2 information across many industries, including nonprofit organizations.

Cyber criminals are using spoofing techniques to disguise an email so that it appears to come from an executive within the organization, and the recipient (usually in the payroll or HR department) feels compelled to respond. The cyber criminal asks for a list of employees with their W-2s and intends to use this information to file a fake tax return and fraudulently collect an employee’s return before the employee has a chance to file. Cyber criminals may also ask for money to be wired as part of this scam, and they continue to evolve their schemes.
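The two signals described above, an executive’s display name on a message that does not come from that executive’s mailbox, combined with a request for employee W-2s or a wire, can be checked mechanically at the mail gateway or by the payroll team. The following is an added example written for this article, not code from the original post or from Eide Bailly; the organization domain, executive list and sample messages are all constructed.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed values for this example: the organization's mail domain and the
# executives whose names a W-2 scam email would borrow for its From display name.
ORG_DOMAIN = "example.org"
EXECUTIVES = {"jane doe": "jdoe@example.org"}  # display name -> real address
REQUEST_TERMS = ("w-2", "w2", "payroll", "wire transfer", "wire money")

def flag_w2_phish(raw_message):
    # Return the reasons a message resembles the executive-impersonation W-2 scam.
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    expected = EXECUTIVES.get(name.strip().lower())
    # A known executive's display name paired with an address that is not theirs.
    if expected and addr.lower() != expected:
        reasons.append(f"display name '{name}' used with address {addr}")
    # Replies steered to an outside mailbox although the sender looks internal.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != ORG_DOMAIN:
        reasons.append(f"Reply-To leaves the organization: {reply_to}")
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    hits = [t for t in REQUEST_TERMS if t in text]
    if hits:
        reasons.append("W-2/payroll request language: " + ", ".join(hits))
    return reasons

def is_w2_phish(raw_message):
    # Alert only when a sender anomaly and the request language occur together.
    reasons = flag_w2_phish(raw_message)
    return len(reasons) >= 2 and any(r.startswith("W-2") for r in reasons)

# Constructed sample messages for the example, not real traffic.
SPOOFED = """From: Jane Doe <jane.doe.ceo@mail-example.net>
Reply-To: jane.doe.ceo@mail-example.net
To: payroll@example.org
Subject: Urgent request

Kindly send me the W-2 of all employees for a quick review.
"""
LEGIT = """From: Jane Doe <jdoe@example.org>
To: payroll@example.org
Subject: Board meeting agenda

Please add the Q2 budget summary to Thursday's agenda.
"""
```

Run `is_w2_phish(SPOOFED)` and `flag_w2_phish(SPOOFED)` to see the three reasons the constructed scam message trips; the legitimate message from the real executive address produces none.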

If you believe that your organization has been a victim of these types of scams, you can take several steps at the organization level:

  • Report the W-2 theft to the IRS immediately so that they can begin helping to protect the employees from tax-related identity theft. Forward the email to phishing@irs.gov and place “W2 Scam” in the subject line.
  • File a complaint with the Internet Crime Complaint Center (IC3), operated by the Federal Bureau of Investigation.

If you are an employee whose W-2 has been stolen:

  • Review the actions recommended by the Federal Trade Commission at www.identitytheft.gov or by the IRS at www.irs.gov/identitytheft.
  • File Form 14039, Identity Theft Affidavit, if your tax return is rejected because of a duplicate Social Security number, or if the IRS instructs you to do so.

If your organization has been lucky enough to avoid such scams so far, there are measures you can take ahead of time to protect against and prevent attacks.

  • Consult cyber security experts about how to establish a culture of security at your organization.
  • Enact policies and procedures that safeguard the handling of W-2s during tax season.
  • Encourage your employees to be safe online and to avoid scam sites posing as tax-return e-services sites.

Eide Bailly has cyber security and computer forensic experts that can help organizations prevent or respond to these and other cyber threats. Please contact your Eide Bailly representative or Eide Bailly’s Cyber Security Leader, Anders Erickson, at 208.383.4731 or email aerickson@eidebailly.com for more information.
