It’s no secret that scammers continuously prey on innocent victims in an effort to steal their tax records. In many cases, they even commit identity theft by accessing their personal information. Scammers prey on anyone they can but often focus on the elderly, who can be more vulnerable to these types of attacks. Furthermore, scam artists are always looking for new ways to access their victims’ private information as they try to stay one step ahead of the IRS and other agencies trying to stop them. However, the IRS is now warning of a new kind of scam that perhaps no one would have ever seen coming.
Scammers are actually going after tax professionals with their latest phishing scam. According to the IRS, this email phishing scam attempts to fool tax professionals into believing they are working with their software providers via email. However, these emails are in reality a front to gain access to user names and passwords from tax professionals’ clients.
The IRS says the email comes with a subject line of “Software Support Update,” or “Important Software System Upgrade,” or something very similar. The email goes on to thank the tax professionals for trusting and allowing them to prepare their clients’ taxes and then asks them to validate their login credentials because of a recent update. When the information is entered, the email then sends the unsuspecting victim to a phishing site that steals the account login information.
According to the IRS this new W-2 scam – called a business email compromise or BEC – is growing and is one of the most dangerous phishing email schemes currently being used. The IRS says it saw a sharp increase in the number of incidents and victims during the 2017 filing season. The agency says, “A business email compromise occurs when a cyber criminal is able to ‘spoof’ or impersonate a company or organization executive’s email address and target a payroll, financial or human resources employee with a request. For example, fraudsters will try to trick an employee to transfer funds into a specified account or request a list of all employees and their Forms W-2.”
Furthermore, according to IRS Commissioner John Koskinen, “These are incredibly tricky schemes that can be devastating to a tax professional or business.” This scam first started to appear during the 2016 filing season, and the IRS began to warn businesses that the scam had moved to tax administration.
After scammers used business email compromise tactics to ascertain W-2s, they immediately filed fraudulent tax returns that mirrored the actual income received by employees, thus, making the fraud harder to detect. The IRS reported that it saw the number of businesses, public schools, universities, tribal governments and non-profits victimized by the W-2 scam increase from 50 in 2016 to 200 in 2017. Overall, the IRS reports that the number of phishing scam attacks rose 65 percent in 2016 compared to 2015, to 1.2 million. In fact, there are more than 92,000 attacks of this kind every month
The IRS recommends that tax professionals take these important measures to fight these attacks:
As always, the IRS warns consumers, as well as tax professionals, to “never open links or attachments from suspicious emails.” However, the battle against cyber crime takes a complete effort by all parties involved, meaning brands and email marketers need to ensure their email security is sufficient to protect against impersonation attacks. To learn more about this scam and how to protect yourself, click here.
This post was published on September 12, 2017