Cruz & Rubio release taxes, challenge Trump to do same
Doing the weird and wacky tax deduction dance
Instead of going out on a shaky tax-break limb, turn instead to legal March tax moves

March arrives not as lion or lamb, but as a fish phish

The animal heralding March's arrival this tax-filing season is not a lion or a lamb, but a fish, or rather a phish.

Fish-giphy

Yep, a new phishing scam has emerged, with tax crooks trying out a new scheme that targets payroll and human resources professionals.

The Internal Revenue Service today issued an alert to the folks who handle employee data to be wary of a phishing email purporting to be from company executives seeking personal information on employees.

I know it's thrilling -- or terrifying if your big boss is anything like The Donald (and I've also worked for a few of those fu…folks) -- to hear from the top executive. Just make sure it is indeed the top executive.

But let's take a quick reality check.

Do you really think a corporate CEO wants or needs the Social Security numbers and other personal data of all workers? I've worked for companies, big and small, and management has plenty of other things to worry about. That's why businesses have HR departments or outsource to payroll companies.

And if the big boss really is seeking personal data on you or any of your coworkers, you might want to look for another job.

Fake boss criminal requests: In most cases, such corporate big-wig requests for rank-and-file personal data is a scam.

So take a minute before replying. Then don't reply. Instead, tell your boss, who then should reward you for your attentiveness and diligence in protecting workers and the company.

In this latest phishing ploy, one of several the IRS has seen surging this tax-filing season, the faux corporate execs are asking for payroll data, including W-2 forms that contain Social Security numbers and other personally identifiable information.

"This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments," warns IRS Commissioner John Koskinen.

"If your CEO appears to be emailing you for a list of company employees, check it out before you respond," adds Koskinen. "Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees."

Unfortunately, says IRS Criminal Investigation, some folks have already been caught in these cyber criminals' phishing net. They then will use the data to file fraudulent tax returns for refunds.

Spotting the spoofed boss: This latest phishing variation is known as a spoofing email. It will contain, for example, the actual name of the company chief executive officer.

The purported CEO sends an email to a company payroll office employee and requests a list of employees and information including Social Security numbers.

Here are some of the requests the IRS says it has seen in the fake CEO e-mails:

  • Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2016.
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Big phishing season: This business-themed phishing warning comes on the heels of the IRS' recent alert to consumers about the explosion this filing season of fake tax-related emails.

Uncle Sam's tax collector says it has seen an approximate 400 percent surge in phishing and malware incidents so far this tax season.

No taxpayer or tax-related group is immune.

The phishing attempts have been aimed at individual filers, tax professionals, tax software customers and now businesses.

And they cover a wide range of topics, ranging from criminal requests for information about refunds, filing status, personal information, transcripts and tax-filing personal identification numbers.

So be alert. I know you get a lot of tax-related messages this time of year. Some of it is legitimate. Just make sure of that before responding. 

You also might find these items of interest:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Bev Smith

At our firm we mainly have been targeted by an email scam where emails are sent to us by unknown users with a link to either a drop box or some other document sharing software, purporting to be sending us tax documents to be used for tax preparation.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)