The unprecedented phishing schemes that hit employers last tax season are back, the Internal Revenue Service warns. Here’s the latest on W-2 phishing risks and how you can avoid them.
Your association isn’t just a member-facing organization—it’s an employer. And as an employer, you owe it to the folks on the payroll to learn about—and, of course, avoid—any potential scams this tax season.
And the Internal Revenue Service warns that there are a whole lot of scams going around.
Earlier this month, for example, the IRS warned of a dangerous W-2 scam involving email phishing that is affecting places of work beyond the corporate sphere. Hospitals, schools, and other facilities have been targeted. The scheme involves the scammer pretending to be a company executive, asking for employees’ information and W-2 forms.
Already this year, one Wyoming hospital suffered an identity theft incident affecting 1,400 employees.
Last year, the phishing schemes proved surprisingly effective, and this year, the IRS says they’re being tied to wire-transfer scams.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ IRS Commissioner John Koskinen noted in a news release.
These sorts of incidents are costly for both individual companies and the U.S. economy: The Federal Bureau of Investigation reported last year that 22,000 businesses were victims of this scam and similar ones, with roughly $3.1 billion stolen.
A recent report on the topic from the security firm PhishLabs noted that the IRS phishing scheme was so significant last January that it topped the total of IRS-related phishing attempts seen in all of 2015—a surge the company anticipates will happen again this year.
Employers aren’t the only ones being targeted. The IRS also noted that phone scams targeting individuals were on the rise as well, and it has been covering other schemes as part of its annual “dirty dozen” list on its website.
For employers looking to be informed about IRS-related phishing schemes, they can learn more at the agency’s website.