With fewer than two months before tax returns are due, the FBI is warning of an increase in new scams that try to trick taxpayers and employers into sending employee records, Social Security numbers, dates of birth, and other sensitive information.
The scams are most often directed at human resources departments in an attempt to trick workers into sending records for large numbers of employees. Often, the people perpetrating these crimes impersonate executives inside a targeted company by compromising or spoofing a trusted email account that asks for all W-2 information on record.
“Individual taxpayers may also be… targeted, but criminals have evolved their tactics to focus on mass data thefts,” FBI officials wrote in an advisory published Wednesday. “This scam is just one of several new variations of IRS and tax-related phishing campaigns targeting W-2 information, indicating an increase in the interest of criminals in sensitive tax information.”
The FBI provided additional details about the scam in January:
Here’s how the scam works: Cybercriminals do their homework, identifying chief operating officers, school executives or others in positions of authority. Using a technique known as business email compromise (BEC) or business email spoofing (BES), fraudsters posing as executives send emails to payroll personnel requesting copies of Forms W-2 for all employees.
The Form W-2 contains the employee’s name, address, Social Security number, income and withholdings. Criminals use that information to file fraudulent tax returns, or they post it for sale on the Dark Net.
The initial email may be a friendly, “hi, are you working today” exchange before the fraudster asks for all Form W-2 information. In several reported cases, after the fraudsters acquired the workforce information, they immediately followed that up with a request for a wire transfer.
Other scams target individual taxpayers in an attempt to obtain information that can be used to file fraudulent tax returns. In a blog post published Thursday, Kaspersky Lab said researchers have observed “bursts of scamming activity throughout” 2017. The fraudsters use a range of ploys to bait targets, including potential tax refunds and requests for updated personal information. Other times, scammers pose as officials from Intuit, the maker of the widely used TurboTax program, in an attempt to phish credentials for using the tax-return service. The scams are communicated in emails, text messages, and phone calls.
“Tax refund forms are a very popular tool for phishers in the US, and scam sites that exploit this method typically appear at the start of the tax return period,” Kaspersky Lab researcher Nadezhda Demidova wrote. “The amount of data they steal is staggering: anything they can and more besides. They exploit users’ very strong urge to claw back some of their hard-earned cash.”
The FBI said in January that the number of W-2 scam reports it received in 2017 rose to about 900, an almost nine-fold increase from 2016. Last year, more than 200 employers were scammed, a number that translated to hundreds of thousands of employees who had their identities compromised. With last year’s Equifax breach exposing sensitive information on more than 145.5 million US consumers, this year could be worse. Wednesday’s FBI advisory provides email addresses and other instructions for reporting W-2 scams in progress.