The FBI has observed a significant increase since January of complaints of compromised or spoofed emails involving W-2 information.
“Beginning in January 2017, IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed an increase in reports of compromised or spoofed emails requesting W-2 information.” states the alert published by the FBI.
W-2 information is a precious commodity for crooks that are showing an increasing interest in tax data.
Law enforcement and security experts observed many variations of IRS and tax-related phishing campaigns, but most effective are mass data thefts, for example, campaigns targeting Human Resource (HR) professionals.
“The most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource (HR) professional within the same organization.” continues the alert.
“Individual taxpayers may also be the targeted, but criminals have evolved their tactics to focus on mass data thefts.”
A separate warning od W-2 -related phishing campaigns was issued by the Internal Revenue Service.
“The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community. During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces.” reads the IRS’s advisory issued in January. “The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.”
Once cyber criminal obtained the W-2 information, they will request a wire transfer, unfortunately, in the case of businesses and organizations the scam is not discovered for weeks or months.
“The initial email may be a friendly, “hi, are you working today” exchange before the fraudster asks for all Form W-2 information. In several reported cases, after the fraudsters acquired the workforce information, they immediately followed that up with a request for a wire transfer.” continues the advisory.
“In addition to educating payroll or finance personnel, the IRS and Security Summit partners also urge employers to consider creating a policy to limit the number of employees who have authority to handle Form W-2 requests and that they require additional verification procedures to validate the actual request before emailing sensitive data such as employee Form W-2s.”
Phishing scams related W-2 information have been increasing, the number of reports regarding this criminal practice from both victims and non-victims jumped from over 100 in 2016 up to roughly 900 in 2017, The IRS confirmed that more than 200 employers were victimized in 2017.
“Reports to firstname.lastname@example.org from victims and nonvictims about this scam jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.” continues the alert.
Let me close with recommendations published by the FBI to avoid being victims of W-2 phishing scams and BEC:
(Security Affairs – W-2 information, cybercrime)