The Internal Revenue Service and its Security Summit partners have once again warned payroll professionals of an uptick in phishing emails targeting them that this time involve payroll direct deposit and wire transfer scams.
These business email compromise/business email spoofing (BEC/BES) tactics generally target all types of industry and employers. The IRS and the Summit partners, consisting of state revenue departments and tax community partners, are concerned these scams – a well as the Form W-2 scam — could increase as the 2019 tax season approaches.
These emails generally impersonate a company employee, often an executive, and are sent to payroll or human resources personnel. The email from the “employee” asks the payroll or human resource staff to change his or her direct deposit for payroll purposes.The “employee” provides a new bank account and routing number, but it is, in reality, controlled by the thief. Most of the time this scam is usually discovered quickly, but not before the victim has lost one or two payroll deposits.
As a reminder, we have discussed in a previous blog, there is another version of the BEC/BES scam, the emails impersonate a company executive and are sent to the company employee responsible for wire transfers. The email requests that a wire transfer be made to a specific account that is controlled by the thief. Companies that fall victim to this scam can lose tens of thousands of dollars.
A common theme in these and many other email scams is that they include grammatical and spelling mistakes.
The IRS has provided an example of one such email (edited by IRS) that is displayed at the top of this blog.
Payroll/Tax professionals and others should also report tax-related phishing emails to firstname.lastname@example.org. This account is monitored by IRS cybersecurity professionals.This reporting process also enables the IRS and Security Summit partners to identify trends and issue warnings. Because of the dangers to tax administration posed by the Form W-2 scam, the IRS set up a reporting process for employers. Employers who fall victim to the W-2 scam should report it at email@example.com. There is a process employers can follow at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. Employers who receive the W-2 scam email but do not fall victim should forward the email to firstname.lastname@example.org.