Every tax season, cyber criminals try to find new ways to steal money from unwary taxpayers via email scams. But the Internal Revenue Service warned this week that the scammers have widened their net to include school districts, tribal organizations and nonprofits.
The latest scam includes a “phishing” email that tries to get the employer to forward sensitive employee information such as social security numbers and copies of W-2 forms.
To make themselves seem even more official, the scammers are following up with an email to the payroll department or controller asking that a wire transfer be made to a certain account. Organizations receiving a suspicious “phishing” email should forward it to firstname.lastname@example.org.
“Cybercriminals are getting more and more sophisticated, and many of these emails may appear genuine,” said MWE Partner Lance Christensen, who heads up Margolin, Winer & Evens’ tax practice. “Educating employees about the scams and putting a strong internal policy in place are the first steps to combatting them – and making sure companies don’t get burned.”
MWE advises all companies to develop a written internal policy on the distribution of employee W-2 information. If you’d like guidance on creating this policy or have additional questions, please contact us.