The U.S. Internal Revenue Service issued a reminder warning to all employers about an email identity-theft scam that spoofs emails from senior management, payroll or human resource departments to trick employees into revealing sensitive information such as their W-2 forms. Scammers are targeting schools, nonprofits, and other organizations.
How the scam works
The cyber criminal will send an email that appears to be from a legitimate company executive or department requesting information similar to the following:
- “Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
- “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”
- “I want you to send me the list of a W-2 copy of employee’s’ wage and tax statement for 2016; I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
- A variation of the scam may also ask that funds be wired to a certain account.
What can you do to protect yourself
Remember that when you receive sudden requests like this, they may be spoofed emails and that you should double check their authenticity with the requestor or your supervisor.
Report Phishing scams marking mail as Phishing in Gmail. For more details, please visit our page on Phishing. If you’re not sure, contact TechHelp@fitnyc.edu.
This tax season, stay alert for scams like this, and Think Before You Click and Be Cybersafe!