March 04, 2016

IRS Alerts Payroll and HR Professionals to Phishing Schemes


Source: IRS Newsletter #IR-2016-34

On March 3, 2016, the Internal Revenue Service [IRS] issued an alert to payroll and human resources professionals warning of an emerging phishing e-mail scheme that purports to be from executive officers or supervisors and requests employee personal information.

The Merriam‑Webster dictionary defines phishing as "a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly."

The IRS reports that it has learned this scheme – part of the surge in phishing e-mails seen this year – has already claimed several victims, as payroll and human resources offices mistakenly e-mailed payroll data, including W-2 Forms that contain Social Security numbers and other personally identifiable information, to cyber-criminals posing as executive officers or supervisors.

IRS Commissioner John Koskinen said, “If your CEO appears to be e-mailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

IRS Criminal Investigation is reviewing several cases in which individuals have been tricked into sharing Social Security numbers with what turned out to be cyber-criminals. Criminals using personal information stolen elsewhere then seek to “monetize” this data, including filing fraudulent tax returns for refunds due a taxpayer. 

There is also a phishing variation known as a “spoofing” e-mail. The e-mail will contain, for example, the actual name of an executive officer or supervisor. In this variation, the “CEO” sends an e-mail to a payroll or personnel office employee requesting a list of employees and information including employee Social Security numbers.

The following are actual examples of the information requested in these “spoof mails”:

“Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our employees for a quick review”

“Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2016.”

“I want you to send me the list of W-2 copy of employees wage and tax statement for 2015,

“I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and e-mail them to me ASAP.”

The IRS recently renewed and issued a consumer alert [IR-2016-28, Feb. 18, 2016] for e-mail schemes after seeing an approximately 400 percent surge in phishing and malware incidents so far this tax season and receiving other reports of scams targeting others in a wider tax community.

The e-mails are designed to trick individuals into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask individuals to provide a wide range of personal and financial information. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

The IRS, state tax agencies and tax industry are engaged in a public awareness campaign – Taxes. Security. Together. – to encourage everyone to do more to protect personal, financial and tax data. See IRS.gov/taxessecuritytogether or Publication 4524 for additional information addressing steps that can be taken to protect employees and individuals from spoofs, scams and phishing.