After an approximate 400 percent spike in incidents so far this tax season, the IRS has renewed a consumer alert for e-mail schemes regarding phishing and malware incidents targeted at individuals. Emails scams are no longer just designed to trick taxpayers into thinking the IRS is attempting to contact them for personal information. Unfortunately, a new phishing scheme targeting payroll and HR professionals has also emerged in the wake of this massive increase in potential identity theft occurrences.
These scams are designed to trick HR and payroll professionals to provide personal information on employees. Unlike prior scams, this latest phishing scheme is a variation known as “spoofing”. This technique includes utilizing emails crafted to look as if it came from within the company being targeted, usually posing as company executives or management.
A common example described in this most recent consumer alert shows that phishing e-mails may actually use the real name of the targeted company’s chief executive officer so that the email appears to be sent from the CEO directly to another company employee, usually in the payroll department. The CEO will ask the employee to provide a variety of personal information for updating or reviewing. Some examples of reported incidents include requests for company staff W-2’ s and earnings summaries, or updated employee detail lists that include sensitive information such as full legal names, social security numbers, addresses, and dates of birth.
The IRS’ Criminal Investigation department has already reviewed numerous cases in which people have been tricked into sharing their coworkers’ personal information.
Due to this growing recent threat, payroll and HR professionals need to be especially vigilant this tax season to ensure that sensitive employee information is not being provided to what may turn out to be cybercriminals. Due to high salaries and withholding amounts, San Jose and Silicon Valley employers may be prime targets. Payroll professionals really need to conduct due diligence before forwarding any sensitive information, including W-2s, filing status and direct deposit bank information. It is extremely easy to neglect verification and disclosure procedures, especially hustle and bustle of a hectic tax season.
Any San Jose tax attorney will tell you that cleaning up the mess of identity theft after it’s already been set in motion can be a huge challenge. Keeping that in mind, all individuals should be aware of any and all potential threats that you may be faced with. Phishing is a great place to research topics such as how to prevent scams, and help with reporting any issues.
Just as a reminder, according the to the IRS, they will never initiate contact with taxpayers through email, text message or any social media channel requesting personal or financial information. This includes any requests for access information to bank accounts, credit cards, PIN numbers, or personal passwords of any kind. If you do receive any messages of this nature, do not reply, open any attachments or click on any link. You should also forward them to phishing@irs.gov before deleting the original email.
If you need a tax attorney in San Jose please contact us at 1-866-TAX-TAX-5.