By geralt at Pixabay

One of last year’s favorite tax scams is back: W2 spear phishing.

Several companies’ employees have been fooled by an email that was “spoofed” so that it appeared to be from their bosses or CEOs. The email asked the employee to reply with a copy of the company’s W2 data (employees’ names, SSNs, and other confidential data). When some employees obliged by sending a PDF of the W2 data, they imperiled the personal information of their company and coworkers. Just recently, thousands of employees at Scotty’s Brewhouse had their data handed to scammers. It’s safe to say that this tax season will be as dangerous as last year’s.

According to the IRS, scammers can do a lot of damage with the information on a W2. Often, scammers file fraudulent tax returns in the names of the affected employees—preventing those employees from filing their own returns. This scam can strike any business or organization—even tech companies like Snapchat, Sunrun, and Seagate have been victimized recently.

In a recent development, criminals have also combined this scam with phishing emails sent to companies’ comptrollers or other financial officers, demanding that money be sent by wire transfer.

We urge University employees to be vigilant for any suspicious requests for personal information, W2 data, or immediate payment. All members of the University community are responsible for protecting the information of their friends and coworkers. Employees in payroll, finance, or Human Resources should be especially wary of suspicious emails, as these spear phishing attacks are often targeted at employees in these roles.

There are several steps you must take to protect yourself and others from this scam:

  1. Verify any requests for confidential student or employee information by contacting the individual who is allegedly requesting the information. Never use the telephone number or email provided in the suspicious email; instead, look up the individual’s contact information in a trusted source like the official directory.
  2. Do not send confidential information through unencrypted email.
  3. File your tax returns as soon as you can; the scammers can’t file in your name if you’ve already beaten them to it.
  4. And finally, as always:

Think B4 U Click!