The Internal Revenue Service (IRS) is warning all taxpayers that the W-2 Phishing Scam is emerging earlier this year and is not only targeting business, but also “school districts, tribal organizations and nonprofits.”
Last year, companies were hit hard by this scam nationwide. According to the FBI, from 2013 through 2016, there were over 15,000 victims a 1500% increase in losses from this scam. Total dollars lost – over $1 billion. Globally, this loss was more than double the U.S. total.
Using social engineering, scammers locate and spoof executive emails in these sectors. Then they request employee names, W-2 information, and even wire transfers from unsuspecting employees.
How to guard against this scam:
- Always question requests for employee information or money, especially wire-transfers – even if the request comes from the CEO or another executive. Before doing anything else, verify that the person in the email did actually make the request.
- Train employees to never click on pop-ups or links in emails from an unknown resource.
- Implement two-factor authentication for access to company accounts and systems.
- Keep all computer operating systems up to date with the latest security fixes.
- Keep anti-virus and anti-malware applications up to date.
- Create a corporate verification process for electronic release of sensitive data or funds.
For more information on this scam, check out Dangerous W-2 Phishing Scam Evolving; Targeting Schools, Restaurants, Hospitals, Tribal Groups and Others. To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to bbb.org.