Warning: Once Again Payroll Professionals are Being Targeted by Scams

 The Internal Revenue Service and its Security Summit partners have once again warned payroll professionals of an uptick in phishing emails targeting them that this time involve payroll direct deposit and wire transfer scams.

 These business email compromise/business email spoofing (BEC/BES) tactics generally target all types of industry and employers. The IRS and the Summit partners, consisting of state revenue departments and tax community partners, are concerned these scams – a well as the Form W-2 scam — could increase as the 2019 tax season approaches.

These emails generally impersonate a company employee, often an executive, and are sent to payroll or human resources personnel. The email from the “employee” asks the payroll or human resource staff to change his or her direct deposit for payroll purposes.The “employee” provides a new bank account and routing number, but it is, in reality, controlled by the thief. Most of the time this scam is usually discovered quickly, but not before the victim has lost one or two payroll deposits.

As a reminder, we have discussed in a previous blog, there is another version of the BEC/BES scam, the emails impersonate a company executive and are sent to the company employee responsible for wire transfers. The email requests that a wire transfer be made to a specific account that is controlled by the thief. Companies that fall victim to this scam can lose tens of thousands of dollars.

 A common theme in these and many other email scams is that they include grammatical and spelling mistakes.

The IRS has provided an example of one such email (edited by IRS) that is displayed at the top of this blog.

Payroll/Tax professionals and others should also report tax-related phishing emails to phishing@irs.gov. This account is monitored by IRS cybersecurity professionals.This reporting process also enables the IRS and Security Summit partners to identify trends and issue warnings. Because of the dangers to tax administration posed by the Form W-2 scam, the IRS set up a reporting process for employers. Employers who fall victim to the W-2 scam should report it at dataloss@irs.gov. There is a process employers can follow at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. Employers who receive the W-2 scam email but do not fall victim should forward the email to phishing@irs.gov.

Paying Extra to Exempt Employees

I always seem to get questions this time of year about paying overtime or “extra pay” to exempt employees.  Many departments or companies have this time of year as their busiest and want to make sure that exempt employees can earn extra monies during this time without endangering their exempt status or actually converting those employees to nonexempt.  I want to refer my followers to a great blog by Bill Pokorny of Franczek Radelet written for the Wage and Hour Insights blog that answers this exact question. I hope you find it useful.