Are Your Employees Ready?
Providing your employees with proper security training should account for tax season related to phishing scams. Teach your employees how to avoid email threats and remind them of your company’s system and network security policies and procedures. This message is particularly important as tax season approaches.
Scammers Claiming to Represent IRS
Some scammers attempt to trick people into affecting payments in response to email threats, phone calls or mail. They may also attempt to trick employees into providing confidential information in an attempt to satisfy requests from the IRS. If any party seeks payment or information related to tax, you should verify the integrity of the source and methods used before responding.
Per the IRS, ‘Scammers use the regular mail, telephone, or email to set up individuals, businesses, and payroll and tax professionals’. Typically, scammers pretend they are IRS agents or a 3rd party agent authorized to collect taxes overdue on behalf of the IRS. Individuals should avoid responding to any solicitation attempts without proper verification of the purported IRS agent’s identity. You can learn how to verify this information from the IRS website. Additionally, you should know that the IRS universally corresponds with individuals by hard mail before attempting any other form of contact.
The IRS website page Report Phishing and Online Scams contains instructions and recommendations on a wide range of tax-related phishing issues:
- What is phishing?
- What to do if you receive a suspicious IRS-related email
- What to do if you receive a suspicious IRS-related telephone call
- How do I verify contact from the IRS?
- What if I receive an email requesting W2 information?
- What if I am a tax preparer and I receive or I am a victim of an IRS-related or tax-related email?
- What if I receive an unsolicited email that references the IRS or taxes?
- What to do if you receive an unsolicited IRS-related fax
- What to do if you receive an unsolicited solicitation involving a stock or share purchase, that involves suspicious IRS or Department of Treasury documents such as “advance fees” or “penalties”
- What if I receive an unsolicited text message or Short Message Service (SMS) message claiming to be from the IRS?
- What if I receive a phishing email that is not IRS or tax-related?
- What if I want to train my employees on IRS or tax-related phishing emails by conducting a tax-related phishing exercise?
Emails Soliciting Employee Information
Cybercriminals often send emails that appear to be from company management that request W-2 and earnings summary from all employees. Sometimes they ask for additional employee personal information such as SSN, DoB, Home Address, and Salary. The scammers use this information to file false tax returns to obtain tax refunds. They also may use the information to obtain credit in the name of the victim.
According to LifeLock, ‘W-2 phishing schemes fooled more than 100 employers in the first 10 weeks of the 2017 tax season. That put more than 120,000 taxpayers at risk for identity fraud.’
You should instruct your employees: NEVER send confidential information via email without first verifying the source of the request.
Emails Directing Potential Victim to Spoof Websites
Another common tax-related phishing fraud is emails enticing people to access fraudulent websites. A few popular phrases included in these phishing emails:
- “Your account or tax return is locked or restricted”
- “Update your tax filing information”
- “Tax payment was deducted from your account”
- “You are eligible to receive a refund”
You should delete such emails without even opening. If you open the emails, you should refrain from clicking on links to websites. If for some reason you decide to enter a website proposing a tax-related benefit, do not provide any personal and confidential information.
Fake Tax Preparation Websites
Consumer Affairs advises of phishing scams where cybercriminals impersonate legitimate tax preparation websites. Their objectives include stealing tax refund returns and the typical benefits of identity theft.
These scams work well because so many taxpayers file electronically and the websites appear authentic from a cursory review. For example, a significant number of fraudulent websites mimic TurboTax, one of the most widely used electronic tax preparation and filing websites.
Going to the website directly, as opposed to clicking on a link embedded in an email, reduces the chance of becoming a victim of this fraud scheme. You should also always carefully insect the URL to such sites, looking for signs of a fraudulent domain, such as any strange characters or additions to the web address.
Preparing Your Business and Employees to Recognize and Deal With Tax Season Phishing Scams
Although this article highlights some of the most common methods of tax season related phishing scams, the list is not comprehensive. New threats will almost certainly appear as tax season approaches. Awareness proves the best way to protect your company and its employees from becoming victims of tax fraud.