Every year, we warn the University community about tax phishing scams and tax-related identity theft scams.
This tax phishing scam assumes that you’ll be so excited that you can allegedly view your W2 online that you’ll click the link in the email. Whoops. The criminals just snookered you into surrendering your SSN.
Dear: Account Owner,
Our records indicate that you are enrolled in the University of
Delaware paperless W2 Program. As a result, you do not receive a
paper W2 but instead receive e-mail notification that your online W2
(i.e. “paperless W2”) is prepared and ready for viewing.
Your W2 is ready for viewing under Employee Self Service. Logon at
the following link:
Click Here to Logon
If you have trouble logging in to Employee Self Service at the link
above, please contact your Payroll Department for support.
If you would like to un-enroll in the Paperless W2 Program, please
logon to Employee Self Service at the link above and go to the W2
Delivery Choice webpage and follow the instructions.
How could you know this message was a phishing scam?
- We didn’t include the address here, but the email came from a stolen off-campus account.
- Note that the message does not include any information to let you verify the content of this message.
- The University of Delaware mails paper W-2 forms to all employees.
- There are a couple of language issues that should alert a reader’s scam warning system–for example: “Dear: Account Owner,”. The non-standard salutation format and the “account owner” greeting should both set off alarms.
Any time you receive email that requests personal information, you should verify the authenticity of the request before responding. In this case, a quick phone call to UD’s Payroll, Records Management, HRIS department (-831-8677) or checking with your department’s HR Liaison would have let you know that this email was a scam.
Beware of email that does not include information on how you can verify the content of the message. This email scam includes no such information.
You should also submit (or in the case of this scam, attempt to view) confidential information by logging in to websites you know and trust not by clicking a link in unverified email.
Reminder: The IRS does not initiate taxpayer communication through email
Don’t click links in email claiming to be from the IRS, no matter how convincing the email may be. Instead, go to irs.gov with your Web browser and find accurate information about your taxes.
If you think you have received a fraudulent email or phone call from a scammer claiming to be from the IRS, then follow the advice at the IRS page “What to do if you receive a suspicious IRS-related communication.”
For more information about tax fraud and tax phishing scams
- Click Alert: Tax Scams on the IRS home page, then follow the links to IRS information about phone and phishing scams.
- Go to this IRS Consumer Alert page for information on several of the tax scams currently active. The IRS has also been releasing a series of security awareness tips. The link is also available on www.irs.gov under News: “ID Theft Tax Tip Series”.
- See US-CERT Security Tip ST15-001: IRS and US-CERT Caution Users: Prepare for Heightened Phishing Risk This Tax Season. (These are the 2015 editions of these alerts. We’ll update the link if 2016 alerts are released.)
- Read Intuit’s TurboTax help file about Identity Theft: What to Do if Someone Has Already Filed Taxes Using Your Social Security Number.