ARTIFICIAL INTELLIGENCE [AI] IS NOT USED, IN WHOLE OR IN PART, IN PREPARING NYPPL SUMMARIES OF JUDICIAL AND QUASI-JUDICIAL DECISIONS

March 04, 2016

IRS Alerts Payroll and HR Professionals to Phishing Schemes


IRS Alerts Payroll and HR Professionals to Phishing Schemes
Source: IRS Newsletter #IR-2016-34 [Links to additional information are in color below.]

On March 3, 2016, the Internal Revenue Service [IRS] issued an alert to payroll and human resources professionals warning of an emerging phishing e-mail scheme that purports to be from executive officers or supervisors and requests employee personal information.

The Merriam‑Webster dictionary defines phishing as "a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly."

The IRS reports that it has learned this scheme – part of the surge in phishing e-mails seen this year – already has claimed several victims as payroll and human resources offices mistakenly e-mailed payroll data including W-2 Forms that contain Social Security numbers and other personally identifiable information, to cyber-criminals posing as executive officers or supervisors.

IRS Commissioner John Koskinen said “If your CEO appears to be e-mailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

IRS Criminal Investigation is reviewing several cases in which individuals have been tricked into sharing Social Security numbers with what turned out to be cyber-criminals. Criminals using personal information stolen elsewhere then seek to “monetize” this data, including filing fraudulent tax returns for refunds due a taxpayer. 

There is also a phishing variation is known as a “spoofing” e-mail. The e-mail will contain, for example, the actual name of an executive officer or supervisor. In this variation, the “CEO” sends an e-mail to a payroll or personnel office employee requesting a list of employees and information including employee Social Security numbers.

The following are actual examples of the information requested in these “spoof mails”:

“Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our employees for a quick review

“Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2016.

“I want you to send me the list of W-2 copy of employees wage and tax statement for 2015,

“I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and e-mail them to me ASAP.”

The IRS recently renewed and issued a consumer alert [IR-2016-28, Feb. 18, 2016] for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season and receiving other reports of scams targeting others in a wider tax community.

The e-mails are designed to trick individuals into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask individuals to provide a wide range of personal and financial information. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

The IRS, state tax agencies and tax industry are engaged in a public awareness campaign – Taxes. Security. Together. – to encourage everyone to do more to protect personal, financial and tax data. See IRS.gov/taxessecuritytogetheror Publication 4524 for additional information addressing steps that can take to protect employees and individuals from spoofs, scams and phishing.  

CAUTION

Subsequent court and administrative rulings, or changes to laws, rules and regulations may have modified or clarified or vacated or reversed the decisions summarized here. Accordingly, these summaries should be Shepardized® or otherwise checked to make certain that the most recent information is being considered by the reader.
THE MATERIAL ON THIS WEBSITE IS FOR INFORMATION ONLY. AGAIN, CHANGES IN LAWS, RULES, REGULATIONS AND NEW COURT AND ADMINISTRATIVE DECISIONS MAY AFFECT THE ACCURACY OF THE INFORMATION PROVIDED IN THIS LAWBLOG. THE MATERIAL PRESENTED IS NOT LEGAL ADVICE AND THE USE OF ANY MATERIAL POSTED ON THIS WEBSITE, OR CORRESPONDENCE CONCERNING SUCH MATERIAL, DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP.
NYPPL Blogger Harvey Randall served as Principal Attorney, New York State Department of Civil Service; Director of Personnel, SUNY Central Administration; Director of Research, Governor’s Office of Employee Relations; and Staff Judge Advocate General, New York Guard. Consistent with the Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations, the material posted to this blog is presented with the understanding that neither the publisher nor NYPPL and, or, its staff and contributors are providing legal advice to the reader and in the event legal or other expert assistance is needed, the reader is urged to seek such advice from a knowledgeable professional.
New York Public Personnel Law. Email: publications@nycap.rr.com