The Security Summit partners today warned of an uptick in phishing emails targeting them that involve payroll direct deposit and wire transfer scams.
These business email compromise/business email spoofing (BEC/BES) tactics generally target all types of industry and employers. Recently the IRS received a number of reports from tax prepares that they are also being targeted.
The IRS and the Summit partners are concerned these scams, as well as the Form W-2 scam could increase as the 2019 tax season approaches.
These emails generally impersonate a company employee, and are sent to payroll or human resources personnel. The email from the "employee" asks the payroll or human resource staff to change their direct deposit for payroll purposes. The "employee" provides a new bank account and routing number, but it is actually controlled by the thief. This scam is usually discovered pretty quickly, but not before the loss of one or two payroll deposits.
In another version of the BEC/BES scam, the emails impersonate a company executive and are sent to the employee responsible for wire transfers. The email requests that a wire transfer be made to a specific account that is controlled by the thief. Businesses that fall victim to this scam can lose tens of thousands of dollars.
A common theme in these and many other email scams is that they include grammatical and spelling mistakes.
All businesses should be alert to these BEC/BES scams that take many forms such as fake invoice payments, title escrow payments, wire transfers or other schemes that result in a quick payoff for the thief. Businesses should consider policy changes to guard against such losses.
One version the IRS and Summit partners have highlighted in recent years is the W-2 scam. This involves an email impersonating an executive or person in authority, which requests a list of the organization's Forms W-2 covering all of its employees. The purpose of this scam is to allow thieves to quickly file fraudulent tax returns for refunds. All employers, in both the public and private sectors, should be on guard against this and other dangerous scams.
Where to send the BEC/BES emails
General non-tax related BEC/BES email scams should be forwarded to Internet Crime Complaint Center, which is monitored by the Federal Bureau of Investigation. The public can file a complaint about email scams or other internet-related scams by going to www.ic3.gov.
Tax professionals and others should also report tax-related phishing emails to firstname.lastname@example.org. This account is monitored by IRS cyber-security professionals. This reporting process also enables the IRS and Security Summit partners to identify trends and issue warnings.
Because of the dangers to tax administration posed by the Form W-2 scam, the IRS set up a reporting process for employers. Employers who fall victim to the W-2 scam should report it at email@example.com.
There is a process employers can follow at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. Employers who receive the W-2 scam email but do not fall victim should forward the email to firstname.lastname@example.org.
Please remember that LR Tax & Accounting Services, Inc. is always here to help with any questions and concerns. We offer tax planning, tax resolution, tax returns for individuals and business, accounting, payroll and bookkeeping. Please contact us today to get a quote or ask a question!
If you had experience with us, please leave a feedback for us on Yelp, Google, or our Facebook Page!